SQL Injection Vulnerability in Guangzhou Tuchuang Interlib Library Cluster Automation Management System
CVE-2024-10946

7.2HIGH

Key Information:

Vendor: Guangzhou Tuchuang Computer Software Development
Status: Interlib Library Cluster Automation Management System
Vendor: CVE Published:; 7 November 2024

🔔 Create Guangzhou Tuchuang Computer Software Development Vulnerability Alert

Badges

👾 Exploit Exists🟡 Public PoC

What is CVE-2024-10946?

A critical vulnerability has been identified within the Interlib Library Cluster Automation Management System developed by Guangzhou Tuchuang Computer Software Development. The vulnerability resides in the administrative interface at /interlib/admin/SysLib where improper handling of the 'sql' argument allows for SQL injection attacks. This flaw permits remote attackers to manipulate SQL queries, potentially leading to unauthorized access to sensitive data. The vulnerability affects all versions of the software up to 2.0.1, severely jeopardizing system integrity and data security. Disclosures regarding this vulnerability have been made publicly, and the lack of response from the vendor raises significant concerns regarding remediation efforts and ongoing user safety. Immediate actions are advised for all affected users to mitigate the potential risks associated with this exploit.

Affected Version(s)

Interlib Library Cluster Automation Management System 2.0.0

Interlib Library Cluster Automation Management System 2.0.1

Exploit Proof of Concept (PoC)

PoC code is written by security researchers to demonstrate the vulnerability can be exploited. PoC code is also a key component for weaponization which could lead to ransomware.

CVE-2024-10946 - Proof of Concept