CVE-2024-12480
CVSS 3.1 Score 8.8 of 10 (high)
Details
Summary
CVE-2024-12480 is a newly disclosed critical vulnerability affecting the cjbi wetech-cms versions 1.0, 1.1, and 1.2. The issue lies in the function searchTopic of the file wetech-cms-master\wetech-core\src\main\java\tech\wetech\cms\dao\TopicDao.java. An attacker can manipulate the argument 'con' to execute SQL injection attacks. This vulnerability can be exploited remotely, making it a significant threat. The exploit has been made public, increasing the risk of attacks. Unfortunately, the vendor has not responded to disclosure efforts, leaving users without a patch or mitigation strategy.
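The class of flaw described above, as an added example that is not wetech-cms code: a topic search that concatenates the 'con' argument into SQL, next to a version that binds it as a parameter and escapes LIKE wildcards. It uses Python's sqlite3 so that it runs offline; the table t_topic, its columns, the sample rows and all function names are assumptions made for illustration.

```python
import sqlite3

def make_db():
    # Constructed sample data; the schema is hypothetical, not the project's.
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE t_topic (id INTEGER PRIMARY KEY, title TEXT, status INTEGER)")
    db.executemany(
        "INSERT INTO t_topic (title, status) VALUES (?, ?)",
        [("Release notes", 1), ("100% coverage", 1),
         ("O'Reilly interview", 1), ("Draft: internal", 0)],
    )
    return db

def search_topic_concat(db, con):
    # Vulnerable pattern: 'con' becomes part of the SQL text, so any quote
    # character in it is parsed as SQL syntax rather than as data.
    sql = ("SELECT title FROM t_topic WHERE status = 1 "
           "AND title LIKE '%" + con + "%' ORDER BY id")
    return [row[0] for row in db.execute(sql)]

def escape_like(term):
    # Neutralise LIKE wildcards so user input matches literally.
    return term.replace("\\", "\\\\").replace("%", "\\%").replace("_", "\\_")

def search_topic_bound(db, con):
    # Hardened pattern: fixed SQL text, 'con' travels only as a bound value.
    sql = ("SELECT title FROM t_topic WHERE status = 1 "
           "AND title LIKE ? ESCAPE '\\' ORDER BY id")
    return [row[0] for row in db.execute(sql, ("%" + escape_like(con) + "%",))]

def concat_breaks_on_quote(db, con):
    # A harmless apostrophe causing a SQL syntax error is the usual sign,
    # in code review or testing, that input reaches the SQL parser.
    try:
        search_topic_concat(db, con)
    except sqlite3.OperationalError:
        return True
    return False

if __name__ == "__main__":
    db = make_db()
    print(concat_breaks_on_quote(db, "O'Reilly"))
    print(search_topic_bound(db, "O'Reilly"))
    print(search_topic_bound(db, "100%"))
```

With no vendor patch available, the same review applies to any other query in the application that builds SQL from request parameters.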