CVE-2024-24375

SQL injection vulnerability in Jfinalcms v.5.0.0 allows a remote attacker to obtain sensitive information via /admin/admin name parameter.
Configurations

No configuration.

History

29 Aug 2024, 20:36

Type Values Removed Values Added
CWE CWE-89
CWE-312
CVSS v2 : unknown
v3 : unknown
v2 : unknown
v3 : 7.5
Summary
  • (es) Vulnerabilidad de inyección SQL en Jfinalcms v.5.0.0 permite a un atacante remoto obtener información confidencial a través del parámetro de nombre /admin/admin.

07 Mar 2024, 01:15

Type Values Removed Values Added
New CVE

Information

Published : 2024-03-07 01:15

Updated : 2024-08-29 20:36


NVD link : CVE-2024-24375

Mitre link : CVE-2024-24375

CVE.ORG link : CVE-2024-24375


JSON object : View

Products Affected

No product.

CWE
CWE-312

Cleartext Storage of Sensitive Information

CWE-89

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')