CVE-2024-10129 | HFO4 shudong-share up to 2.4.7 Share create_share.php fkey sql injection

A vulnerability classified as critical has been found in HFO4 shudong-share up to 2.4.7. This affects an unknown part of the file /includes/create_share.php of the component Share Handler. The manipulation of the argument fkey leads to sql injection. NOTE: This vulnerability only affects products that are no longer supported by the maintainer.

This vulnerability is uniquely identified as CVE-2024-10129. It is possible to initiate the attack remotely. Furthermore, there is an exploit available.

The vendor was contacted early about this disclosure but did not respond in any way.

CVE-2024-10129 | HFO4 shudong-share up to 2.4.7 Share create_share.php fkey sql injection

Related Posts

CVE-2024-28715 | DoraCMS up to 2.18 markdown.jsx markdown0 cross site scripting

CVE-2024-26145 | Discourse discourse-calendar Private Event authorization

CVE-2024-28805 | Italtel i-MCS NFV 12.1.0-20211215 access control

CVE-2024-7162 | SeaCMS 12.9/13.0 post.php yzm cross site scripting (Issue 29)