Exploit for Fujian Kelixin Communication < 20240318 - Authenticated SQL Injection (CVE-2024-2621)

Description:

A vulnerability was found in Fujian Kelixin Communication Command and Dispatch Platform up to 20240318 and classified as critical. Affected by this issue is some unknown functionality of the file api/client/user/pwd_update.php. The manipulation of the argument uuid leads to SQL injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. VDB-257198 is the identifier assigned to this vulnerability.

Affected Products:

Proof of Concept

PoC exploit

Nuclei Template

View the template here: CVE-2024-2621.yaml

Validate with Nuclei

echo "$URL" | nuclei -t ~/nuclei-templates/http/cves/2024/CVE-2024-2621.yaml

References:

https://nvd.nist.gov/vuln/detail/CVE-2024-2621
https://vuldb.com/?id.257198