Exploit for Exrick XMall v1.1 - Unauthenticated SQL Injection (CVE-2024-24112)

Description:

XMall v1.1 was discovered to contain a SQL injection vulnerability via the ‘orderDir’ parameter.

Affected Products:

Proof of Concept

PoC exploits

Nuclei Template

View the template here: CVE-2024-24112.yaml

Validate with Nuclei

echo "$URL" | nuclei -t ~/nuclei-templates/http/cves/2024/CVE-2024-24112.yaml

References:

https://nvd.nist.gov/vuln/detail/CVE-2024-24112
https://github.com/Exrick/xmall/issues/78