SQL Injection Vulnerability in JEPaaS 7.2.8 by Ketr
CVE-2024-51164

Currently unrated

Key Information:

Vendor: Ketr
Status: JEPaaS
Vendor: CVE Published:; 15 November 2024

What is CVE-2024-51164?

JEPaaS 7.2.8 contains vulnerabilities that expose multiple parameters to SQL injection through the /je/login/btnLog/insertBtnLog endpoint. If exploited, this flaw allows remote attackers to craft specific queries to gain unauthorized access to sensitive information stored in the database, potentially leading to severe data breaches and compromised system integrity.

References

https://github.com/abcc111/vulns/blob/main/JEPaaS/Multipl...

https://gitee.com/ketr/jepaas-release

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Nov 15, 2024

JSON