CVE-2024-2621

Fujian Kelixin Communication Command and Dispatch Platform pwd_update.php sql injection

CVSS 6.3 MEDIUMEPSS 1.9%CWE-89

Vexday Risk Score

28Low

SSVC decision (CISA)

Attend

PoC available → attend closely

CVSS 6.3EPSS 1.9%KEV nãoPoC —Nuclei simMetasploit —Patch referenciado

Lifecycle

19 Mar 2024Published on NVD

Recommendation: Plan a near-term fix — a public PoC already exists.

A vulnerability was found in Fujian Kelixin Communication Command and Dispatch Platform up to 20240318 and classified as critical. Affected by this issue is some unknown functionality of the file api/client/user/pwd_update.php. The manipulation of the argument uuid leads to sql injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. VDB-257198 is the identifier assigned to this vulnerability.

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L

Affected products

Fujian Kelixin Communication · Command and Dispatch Platform

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →

References

https://h0e4a0r1t.github.io/2024/vulns/Fujian%20Kelixin%20Communication%20Co.,%20Ltd.%20Command%20and%20Dispatch%20Platform%20SQL%20Injection%20Vulnerability-pwd_update.php.pdf https://vuldb.com/?ctiid.257198 https://vuldb.com/?id.257198