CVE-2024-43040 | Renwoxing Enterprise Intelligent Management System up to 2.x /fx/baseinfo/SearchInfo parid sql injection

Posted by Angelo Barbosa | Sep 11, 2024 | CVE

A vulnerability was found in Renwoxing Enterprise Intelligent Management System up to 2.x and classified as critical. Affected by this issue is some unknown functionality of the file /fx/baseinfo/SearchInfo. The manipulation of the argument parid leads to sql injection.

This vulnerability is handled as CVE-2024-43040. The attack may be launched remotely. There is no exploit available.

It is recommended to upgrade the affected component.

CVE-2024-43040 | Renwoxing Enterprise Intelligent Management System up to 2.x /fx/baseinfo/SearchInfo parid sql injection

Related Posts

CVE-2024-5235 | Campcodes Complete Web-Based School Management System 1.0 teacher_salary_invoice.php teacher_id sql injection

CVE-2024-42239 | Linux Kernel up to 6.6.40/6.9.9 bpf bpf_timer_cancel deserialization (936983051868/3e4e8178a866/d4523831f07a)

CVE-2024-6748 | Zoho ManageEngine OpManager up to 128317 URL Monitoring sql injection

CVE-2024-25089 | Malwarebytes Binisoft Windows Firewall Control prior 6.9.9.2 gRPC Named pipe Privilege Escalation