Key Information

Vulnerability Description:
- Vulnerability ID: VDB-276075, CVE-2024-8303
- Affected Versions: dingfanzu CMS up to 29d67d9044f6f93378e6eb6ff92272217ff7225c
- Affected File: /ajax/getBasicInfo.php
- Vulnerability Type: SQL Injection
- Affected Component: Unknown, but potentially impacts unknown functional parts

Vulnerability Impact:
- CVSS Meta Temp Score: 6.0
- Current Vulnerability Price: $0–$5k
- CTI Interest Score: 1.49

Vulnerability Details:
- Description: The vulnerability allows SQL injection attacks via unknown input on the parameter.
- Impact: May compromise confidentiality, integrity, and availability of data.

Public Disclosure:
- Disclosure Date: 2024
- Disclosure Platform: github.com
- Vulnerability ID: CVE-2024-8303
- Exploit Difficulty: Easy
- Attack Vector: Remote

Technical Details:
- Known Public Exploit: Known
- Attack Technique: T1505 (according to MITRE ATT&CK framework)

Public Exploit:
- Exploit Tool: Shared publicly on github.com
- Exploit Status: Proof of Concept

Vendor Contact:
- Vendor contacted previously, but no response received.

Search Method:
- Search Keywords: inurl:ajax/getBasicInfo.php
- Search Tool: Google Hacking

Summary

This vulnerability is an SQL injection flaw affecting specific versions of dingfanzu CMS. It allows SQL injection attacks via unknown input on the parameter, potentially compromising data confidentiality, integrity, and availability. The vulnerability has been publicly disclosed, with exploit tools shared publicly, and exploitation is considered easy.