dingfanzu CMS saveNewPwd.php SQL Injection Vulnerability (CVE-2024-9294)

Key Information Vulnerability Description Vulnerability ID: VDB-278786, CVE-2024-9294 Affected Versions: dingfanzu CMS up to 29d67d9044f6f93378e6eb6ff92272217ff7225c Vulnerability Name: saveNewPwd.php Username SQL Injection CVSS Meta Temp Score: 5.7 Current Vulnerability Price: $0-$5k CTI Interest Score: 2.10 Vulnerability Impact Affected File: saveNewPwd.php Issue Description: SQL injection caused by unknown code exploiting unknown input. CWE: CWE-89 Affected Component: Input received from upstream components is not properly neutralized or is incorrectly neutralized, potentially allowing downstream components' SQL commands to be modified. Affected Properties: Confidentiality, Integrity, and Availability. Vulnerability Details Public Information: The vulnerability is publicly disclosed and detailed information is available on GitHub. Vulnerability ID: CVE-2024-9294 Vulnerability Nature: Known and easily exploitable. Attack Vector: Remote attack possible. Technical Details: Known. Public Exploit: Known. Vulnerability Classification: T1505, assigned by MITRE ATT&CK project. Exploitation Exploitation Method: Targets can be identified by searching for . Recommendation: Replace affected components. Related Links Related Vulnerabilities: VDB-276665, VDB-276786, VDB-276799, VDB-277247 Product Information Type: Product type not specified. Summary This vulnerability is an SQL injection affecting the file in dingfanzu CMS. It arises from unknown code exploiting unknown input, leading to SQL injection and impacting confidentiality, integrity, and availability. The vulnerability is publicly disclosed, with detailed information available on GitHub, and has been assigned CVE-2024-9294. It is recommended to replace affected components.

Goal Reached Thanks to every supporter — we hit 100%!

dingfanzu CMS saveNewPwd.php SQL Injection Vulnerability (CVE-2024-9294)