exploitDog

CVE-2024-51164

Опубликовано: 15 нояб. 2024

Источник: nvd

CVSS3: 9.1

EPSS Низкий

Описание

Multiple parameters have SQL injection vulnerability in JEPaaS 7.2.8 via /je/login/btnLog/insertBtnLog, which could allow a remote user to submit a specially crafted query, allowing an attacker to retrieve all the information stored in the DB.

Ссылки

https://abcc111.github.io/posts/CVE-2024-51164/
Exploit
Third Party Advisory
https://gitee.com/ketr/jepaas-release
Product
https://github.com/abcc111/vulns/blob/main/JEPaaS/Multiple%20parameters%20have%20SQL%20injection%20issues%20in%20JEPAAS.md
Broken Link

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:ketr:jepaas:7.2.8:*:*:*:*:*:*:*

EPSS

Процентиль: 78%

0.01166

Низкий

9.1 Critical

CVSS3

Дефекты

CWE-89

Связанные уязвимости

GHSA-7q82-fxvh-gf2x

CVSS3: 9.1

github

около 1 года назад

Multiple parameters have SQL injection vulnerability in JEPaaS 7.2.8 via /je/login/btnLog/insertBtnLog, which could allow a remote user to submit a specially crafted query, allowing an attacker to retrieve all the information stored in the DB.

EPSS

Процентиль: 78%

0.01166

Низкий

9.1 Critical

CVSS3

Дефекты

CWE-89