CVE-2024-8301

A vulnerability was found in dingfanzu CMS up to 29d67d9044f6f93378e6eb6ff92272217ff7225c. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the file /ajax/checkin.php. The manipulation of the argument username leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. This product takes the approach of rolling releases to provide continious delivery. Therefore, version details for affected and updated releases are not available. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.
Configurations

Configuration 1 (hide)

cpe:2.3:a:gitapp:dingfanzu:*:*:*:*:*:*:*:*

History

30 Aug 2024, 15:24

Type Values Removed Values Added
References () https://github.com/Xor-Gerke/webray.com.cn/blob/main/cve/dingfanzu-CMS/dingfanzu-CMS%20checkin.php%20username%20SQL-inject.md - () https://github.com/Xor-Gerke/webray.com.cn/blob/main/cve/dingfanzu-CMS/dingfanzu-CMS%20checkin.php%20username%20SQL-inject.md - Exploit
References () https://vuldb.com/?ctiid.276073 - () https://vuldb.com/?ctiid.276073 - Permissions Required, VDB Entry
References () https://vuldb.com/?id.276073 - () https://vuldb.com/?id.276073 - VDB Entry
References () https://vuldb.com/?submit.396294 - () https://vuldb.com/?submit.396294 - Third Party Advisory, VDB Entry
First Time Gitapp dingfanzu
Gitapp
Summary
  • (es) Se encontró una vulnerabilidad en dingfanzu CMS hasta 29d67d9044f6f93378e6eb6ff92272217ff7225c. Se ha declarado como crítica. Esta vulnerabilidad afecta a una funcionalidad desconocida del archivo /ajax/checkin.php. La manipulación del argumento username provoca una inyección SQL. El ataque se puede ejecutar de forma remota. La vulnerabilidad se ha divulgado al público y puede utilizarse. Este producto adopta el enfoque de lanzamientos continuos para proporcionar una entrega continua. Por lo tanto, no están disponibles los detalles de las versiones afectadas y actualizadas. NOTA: Se contactó primeramente con el proveedor sobre esta divulgación, pero no respondió de ninguna manera.
CPE cpe:2.3:a:gitapp:dingfanzu:*:*:*:*:*:*:*:*
CVSS v2 : 7.5
v3 : 7.3
v2 : 7.5
v3 : 9.8

29 Aug 2024, 13:15

Type Values Removed Values Added
New CVE

Information

Published : 2024-08-29 13:15

Updated : 2024-08-30 15:24


NVD link : CVE-2024-8301

Mitre link : CVE-2024-8301

CVE.ORG link : CVE-2024-8301


JSON object : View

Products Affected

gitapp

  • dingfanzu
CWE
CWE-89

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')