Resources
Vulnerability
CVE-2024-0529
Resources
Vulnerability

CVE-2024-0529

CWE ID:
CWE-89
Share this Resource
9.8
Critical

Overview

A vulnerability has been found in CXBSoft Post-Office up to 1.0 and classified as critical. Affected by this vulnerability is an unknown functionality of the file /apps/login_auth.php of the component HTTP POST Request Handler. The manipulation of the argument username_login leads to sql injection. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-250699. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.
Scantist CVSS
Published : 1/16/2024
Scope
Unchanged
Attack Vector
Network
Base Severity
Critical
Integrity Impact
High
User Interaction
None
Attack Complexity
Low
Availabillity
High
Privileges Required
None
Confidentiality
High
Share this Resource

Related Vulnerabilities

Exploring Associated Weaknesses

7.2
High

CVE-2024-0533

A vulnerability was found in Tenda A15 15.13.07.13. It has been rated as critical. This issue affects some unknown processing of the file /goform/SetOnlineDevName of the component Web-based Management Interface. The manipulation of the argument devName leads to stack-based buffer overflow. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-250703. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.
7.5
High

CVE-2023-48383

NetVision Information airPASS has a path traversal vulnerability within its parameter in a specific URL. An unauthenticated remote attacker can exploit this vulnerability to bypass authentication and download arbitrary system files.
9.8
Critical

CVE-2024-0529

A vulnerability has been found in CXBSoft Post-Office up to 1.0 and classified as critical. Affected by this vulnerability is an unknown functionality of the file /apps/login_auth.php of the component HTTP POST Request Handler. The manipulation of the argument username_login leads to sql injection. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-250699. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.

Subscribe to our Newsletter

Join thousands of innovators, developers and security teams who trust Scantist to safeguard their software.

By clicking Sign Up you're confirming that you agree with our Terms and Conditions.
Thank you! Your submission has been received!
Oops! Something went wrong while submitting the form.