exploitDog

CVE-2024-55160

Опубликовано: 27 фев. 2025

Источник: nvd

CVSS3: 9.8

EPSS Низкий

Описание

GFast between v2 to v3.2 was discovered to contain a SQL injection vulnerability via the OrderBy parameter at /system/operLog/list.

Ссылки

http://gfast.com
Broken Link
https://github.com/SuperDu1/CVE/issues/2
Exploit
Issue Tracking
https://github.com/tiger1103/gfast/blob/os-v3.2/api/v1/system/sys_oper_log.go#L35
Product
https://github.com/tiger1103/gfast/blob/os-v3.2/internal/app/system/logic/sysOperLog/sys_oper_log.go#L121
Product
https://github.com/tiger1103/gfast/tree/os-v3.2
Product
https://github.com/SuperDu1/CVE/issues/2
Exploit
Issue Tracking

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:g-fast:gfast:*:*:*:*:*:*:*:*

Версия от 2 (включая) до 3.2 (включая)

EPSS

Процентиль: 35%

0.00144

Низкий

9.8 Critical

CVSS3

Дефекты

CWE-89

Связанные уязвимости

GHSA-2c2p-jp6r-5757

CVSS3: 9.8

github

около 1 года назад

GFast between v2 to v3.2 was discovered to contain a SQL injection vulnerability via the OrderBy parameter at /system/operLog/list.

EPSS

Процентиль: 35%

0.00144

Низкий

9.8 Critical

CVSS3

Дефекты

CWE-89