exploitDog

CVE-2024-28714

Опубликовано: 28 мар. 2024

Источник: nvd

CVSS3: 8.1

EPSS Низкий

Описание

SQL Injection vulnerability in CRMEB_Java e-commerce system v.1.3.4 allows an attacker to execute arbitrary code via the groupid parameter.

Ссылки

http://crmebjava.com
Permissions Required
https://gitee.com/ZhongBangKeJi/crmeb_java
Product
https://github.com/JiangXiaoBaiJia/cve2/blob/main/1.md
Exploit
Third Party Advisory
https://github.com/JiangXiaoBaiJia/cve2/blob/main/a.png
Exploit
http://crmebjava.com
Permissions Required
https://gitee.com/ZhongBangKeJi/crmeb_java
Product
https://github.com/JiangXiaoBaiJia/cve2/blob/main/1.md
Exploit
Third Party Advisory
https://github.com/JiangXiaoBaiJia/cve2/blob/main/a.png
Exploit
https://www.vicarius.io/vsociety/posts/ssti-in-mblog-351-a-tale-of-a-glorified-rce-cve-2024-28713-28714
Not Applicable

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:crmeb:crmeb_java:*:*:*:*:*:*:*:*

Версия до 1.3.4 (исключая)

EPSS

Процентиль: 44%

0.00219

Низкий

8.1 High

CVSS3

Дефекты

CWE-89

Связанные уязвимости

GHSA-rhp6-2jj3-53p2

CVSS3: 8.1

github

почти 2 года назад

SQL Injection vulnerability in CRMEB_Java e-commerce system v.1.3.4 allows an attacker to execute arbitrary code via the groupid parameter.

EPSS

Процентиль: 44%

0.00219

Низкий

8.1 High

CVSS3

Дефекты

CWE-89