SQL Injection Vulnerability in Chanjet Smooth T+ System
CVE-2024-5653

9.8CRITICAL

Key Information:

Vendor: Chanjet
Status: T\+
Vendor: CVE Published:; 5 June 2024

What is CVE-2024-5653?

A critical SQL injection vulnerability is present in Chanjet Smooth T+ System version 3.5, specifically within the processing of the '/tplus/UFAQD/keyEdit.aspx' file. This vulnerability arises when the 'KeyID' argument is manipulated, allowing an attacker to execute arbitrary SQL commands on the database. The exploit can be initiated remotely, posing significant risks to the integrity and confidentiality of the data handled by the system. Despite efforts to notify the vendor regarding this issue, there has been no response, which heightens the urgency for users to assess their exposure and take immediate protective measures.

References

https://vuldb.com/?id.267185

https://vuldb.com/?ctiid.267185

https://vuldb.com/?submit.345311

CVSS V3.1

Score:

9.8

Severity:

CRITICAL

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Jun 5, 2024

JSON