{"dataType":"CVE_RECORD","dataVersion":"5.1","cveMetadata":{"cveId":"CVE-2024-11251","assignerOrgId":"1af790b2-7ee1-4545-860a-a788eba489b5","state":"PUBLISHED","assignerShortName":"VulDB","dateReserved":"2024-11-15T08:57:19.277Z","datePublished":"2024-11-15T18:00:12.868Z","dateUpdated":"2024-11-19T16:11:57.733Z"},"containers":{"cna":{"providerMetadata":{"orgId":"1af790b2-7ee1-4545-860a-a788eba489b5","shortName":"VulDB","dateUpdated":"2024-11-15T18:00:12.868Z"},"title":"erzhongxmu Jeewms AuthInterceptor cgReportController.do sql injection","problemTypes":[{"descriptions":[{"type":"CWE","cweId":"CWE-89","lang":"en","description":"SQL Injection"}]},{"descriptions":[{"type":"CWE","cweId":"CWE-74","lang":"en","description":"Injection"}]}],"affected":[{"vendor":"erzhongxmu","product":"Jeewms","versions":[{"version":"20241108","status":"affected"}],"modules":["AuthInterceptor"]}],"descriptions":[{"lang":"en","value":"A vulnerability was found in erzhongxmu Jeewms up to 20241108. It has been rated as critical. This issue affects some unknown processing of the file cgReportController.do of the component AuthInterceptor. The manipulation of the argument begin_date leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. This product does not use versioning. This is why information about affected and unaffected releases are unavailable. Other parameters might be affected as well."},{"lang":"de","value":"Eine Schwachstelle wurde in erzhongxmu Jeewms bis 20241108 ausgemacht. Sie wurde als kritisch eingestuft. Dies betrifft einen unbekannten Teil der Datei cgReportController.do der Komponente AuthInterceptor. Durch das Manipulieren des Arguments begin_date mit unbekannten Daten kann eine sql injection-Schwachstelle ausgenutzt werden. Der Angriff kann über das Netzwerk passieren. Der Exploit steht zur öffentlichen Verfügung. Dieses Produkt setzt Rolling Releases ein. Aus diesem Grund sind Details zu betroffenen oder zu aktualisierende Versionen nicht verfügbar."}],"metrics":[{"cvssV4_0":{"version":"4.0","baseScore":5.3,"vectorString":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N","baseSeverity":"MEDIUM"}},{"cvssV3_1":{"version":"3.1","baseScore":6.3,"vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L","baseSeverity":"MEDIUM"}},{"cvssV3_0":{"version":"3.0","baseScore":6.3,"vectorString":"CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L","baseSeverity":"MEDIUM"}},{"cvssV2_0":{"version":"2.0","baseScore":6.5,"vectorString":"AV:N/AC:L/Au:S/C:P/I:P/A:P"}}],"timeline":[{"time":"2024-11-15T00:00:00.000Z","lang":"en","value":"Advisory disclosed"},{"time":"2024-11-15T01:00:00.000Z","lang":"en","value":"VulDB entry created"},{"time":"2024-11-15T10:04:05.000Z","lang":"en","value":"VulDB entry last update"}],"credits":[{"lang":"en","value":"VulDB Gitee Analyzer","type":"tool"}],"references":[{"url":"https://vuldb.com/?id.284687","name":"VDB-284687 | erzhongxmu Jeewms AuthInterceptor cgReportController.do sql injection","tags":["vdb-entry","technical-description"]},{"url":"https://vuldb.com/?ctiid.284687","name":"VDB-284687 | CTI Indicators (IOB, IOC, TTP, IOA)","tags":["signature","permissions-required"]},{"url":"https://gitee.com/erzhongxmu/JEEWMS/issues/IB2XZG","tags":["exploit","issue-tracking"]}]},"adp":[{"affected":[{"vendor":"erzhongxmu","product":"jeewms","cpes":["cpe:2.3:a:erzhongxmu:jeewms:*:*:*:*:*:*:*:*"],"defaultStatus":"unknown","versions":[{"version":"0","status":"affected","lessThanOrEqual":"20241108","versionType":"custom"}]}],"metrics":[{"other":{"type":"ssvc","content":{"timestamp":"2024-11-19T16:10:24.708428Z","id":"CVE-2024-11251","options":[{"Exploitation":"poc"},{"Automatable":"no"},{"Technical Impact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}}],"title":"CISA ADP Vulnrichment","providerMetadata":{"orgId":"134c704f-9b21-4f2e-91b3-4a467353bcc0","shortName":"CISA-ADP","dateUpdated":"2024-11-19T16:11:57.733Z"}}]}}