CVE-2024-12481
CVSS 3.1 Score 8.8 of 10 (high)
Details
Published Dec 12, 2024
Updated: Dec 13, 2024
CWE ID 89
CWE ID 74
Summary
CVE-2024-12481 is a recently disclosed critical vulnerability affecting cjbi wetech-cms versions 1.0, 1.1, and 1.2. The issue lies in the function "findUser" in the file "wetech-cms-master\wetech-core\src\main\java\tech\wetech\cms\dao\UserDao.java". An attacker can manipulate the arguments "searchValue/gId/rId" to perform SQL injection, allowing for remote code execution. The vendor was notified about the disclosure but did not respond, leaving users vulnerable to potential attacks.