A vulnerability classified as critical has been found in HFO4 shudong-share up to 2.4.7. This affects an unknown part of the file /includes/create_share.php of the component Share Handler. The manipulation of the argument fkey leads to sql injection. NOTE: This vulnerability only affects products that are no longer supported by the maintainer.
This vulnerability is uniquely identified as CVE-2024-10129. It is possible to initiate the attack remotely. Furthermore, there is an exploit available.
The vendor was contacted early about this disclosure but did not respond in any way.