CVE-2024-2621
Severity CVSS v4.0:
Pending analysis
Type:
CWE-89
SQL Injection
Publication date:
19/03/2024
Last modified:
27/02/2025
Description
A vulnerability was found in Fujian Kelixin Communication Command and Dispatch Platform up to 20240318 and classified as critical. Affected by this issue is some unknown functionality of the file api/client/user/pwd_update.php. The manipulation of the argument uuid leads to sql injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. VDB-257198 is the identifier assigned to this vulnerability.
Impact
Base Score 3.x
6.30
Severity 3.x
MEDIUM
Base Score 2.0
6.50
Severity 2.0
MEDIUM
Vulnerable products and versions
| CPE | From | Up to |
|---|---|---|
| cpe:2.3:a:kelixin_communication_command_and_dispatch_project:kelixin_communication_command_and_dispatch:*:*:*:*:*:*:*:* | 2024-03-18 (including) |
To consult the complete list of CPE names with products and versions, see this page
References to Advisories, Solutions, and Tools
- https://h0e4a0r1t.github.io/2024/vulns/Fujian%20Kelixin%20Communication%20Co.,%20Ltd.%20Command%20and%20Dispatch%20Platform%20SQL%20Injection%20Vulnerability-pwd_update.php.pdf
- https://vuldb.com/?ctiid_257198=
- https://vuldb.com/?id_257198=
- https://h0e4a0r1t.github.io/2024/vulns/Fujian%20Kelixin%20Communication%20Co.,%20Ltd.%20Command%20and%20Dispatch%20Platform%20SQL%20Injection%20Vulnerability-pwd_update.php.pdf
- https://vuldb.com/?ctiid_257198=
- https://vuldb.com/?id_257198=