CVE-2024-12480 | cjbi wetech-cms 1.0/1.1/1.2 TopicDao.java searchTopic con sql injection

A vulnerability was found in cjbi wetech-cms 1.0/1.1/1.2. It has been classified as critical. Affected is the function searchTopic of the file wetech-cms-masterwetech-coresrcmainjavatechwetechcmsdaoTopicDao.java. The manipulation of the argument con leads to sql injection.

This vulnerability is traded as CVE-2024-12480. It is possible to launch the attack remotely. Furthermore, there is an exploit available.

The vendor was contacted early about this disclosure but did not respond in any way.

CVE-2024-12480 | cjbi wetech-cms 1.0/1.1/1.2 TopicDao.java searchTopic con sql injection

Related Posts

CVE-2024-46442 | BYD Dilink Headunit System 3.x excessive authentication

CVE-2023-45854 | Shopkit 1.0 add-to-cart qtd behavioral workflow

CVE-2023-52376 | Huawei HarmonyOS/EMUI Gallery Module information management

CVE-2024-22397 | SonicWall SonicOS SSLVPN Portal cross site scripting (SNWLID-2024-0005)