CVE-2024-2478 | BradWenqiang HR 2.0 Background Management /bishe/register selectAll userName sql injection

Posted by Angelo Barbosa | Mar 15, 2024 | CVE

A vulnerability was found in BradWenqiang HR 2.0. It has been rated as critical. Affected by this issue is the function selectAll of the file /bishe/register of the component Background Management. The manipulation of the argument userName leads to sql injection.

This vulnerability is handled as CVE-2024-2478. The attack may be launched remotely. Furthermore, there is an exploit available.

The vendor was contacted early about this disclosure but did not respond in any way.

CVE-2024-2478 | BradWenqiang HR 2.0 Background Management /bishe/register selectAll userName sql injection

Related Posts

CVE-2024-36448 | Apache IoTDB Workbench 0.13.x server-side request forgery

CVE-2024-37631 | TOTOLINK A3700R 9.1.2u.6165_20211012 UploadCustomModule File stack-based overflow

CVE-2024-0387 | Moxa EDS-G4014 up to 3.1 Request confused deputy

CVE-2024-6340 | Premium Addons for Elementor Plugin up to 4.10.35 on WordPress Countdown Widget cross site scripting