CVE-2024-2015 | ZhiCms 4.0 mcontroller.php getindexdata key sql injection

Posted by Angelo Barbosa | Feb 29, 2024 | CVE

A vulnerability, which was classified as critical, has been found in ZhiCms 4.0. This issue affects the function getindexdata of the file app/index/controller/mcontroller.php. The manipulation of the argument key leads to sql injection.

The identification of this vulnerability is CVE-2024-2015. The attack may be initiated remotely. Furthermore, there is an exploit available.

CVE-2024-2015 | ZhiCms 4.0 mcontroller.php getindexdata key sql injection

Related Posts

CVE-2024-41250 | Kashipara Responsive School Management System 3.2.0 Student Details /smsa/view_students.php access control

CVE-2024-34335 | ORDAT FOSS-Online up to 2.24.00 Login Page cross site scripting

CVE-2024-2687 | Campcodes Online Job Finder System 1.0 index.php id sql injection

CVE-2024-43313 | FormFacade Plugin up to 1.3.2 on WordPress cross site scripting