CVE-2024-24003

CVSS 3.1 Score 9.8 of 10 (high)

Details

Published Feb 8, 2024

Updated: Feb 10, 2024

CWE ID 89

Summary

CVE-2024-24003: A SQL Injection vulnerability has been identified in jshERP v3.3. The issue lies within the com.jsh.erp.controller.DepotHeadController's findInOutMaterialCount() function. It fails to adequately filter the 'column' and 'order' parameters, enabling an attacker to craft malicious payloads and bypass jshERP's sql injection protection mechanism in the 'safeSqlParse' method.

Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.

https://app.recordedfuture.com/live/sc/entity/uRlkw4
https://www.cve.org/CVERecord?id=CVE-2024-24003
https://nvd.nist.gov/vuln/detail/CVE-2024-24003

Back to Vulnerability Database

CVE-2024-24003

CVSS 3.1 Score 9.8 of 10 (high)

Details

Summary

Advisories, Assessments, and Mitigations