.. / CVE-2024-31750

Exploit for F-logic DataCube3 1.0 - Unauthenticated SQL Injection (CVE-2024-31750)

Description:

SQL injection vulnerability in f-logic datacube3 v.1.0 allows a remote attacker to obtain sensitive information via the req_id parameter.

Affected Products:

Proof of Concept

PoC exploits

Nuclei Template

View the template here CVE-2024-31750.yaml

Validate with Nuclei

echo "$URL" | nuclei -t ~/nuclei-templates/http/cves/2024/CVE-2024-31750.yaml
Copy

References:

https://nvd.nist.gov/vuln/detail/CVE-2024-31750
https://github.com/lampSEC/semcms/blob/main/datacube3.md
https://github.com/MrWQ/vulnerability-paper/blob/master/bugs/DataCube3%20getting_index_data.php%20SQL%20%E6%B3%A8%E5%85%A5%E6%BC%8F%E6%B4%9E.md
https://github.com/wjlin0/poc-doc
https://github.com/wy876/POC