CVE-2024-2074
Description
A vulnerability was found in Mini-Tmall up to 20231017 and classified as critical. This issue affects some unknown processing of the file ?r=tmall/admin/user/1/1. The manipulation of the argument orderBy leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-255389 was assigned to this vulnerability.
NVD
Severity: N/A
CVE ID: CVE-2024-2074
CVSS Score: N/A
CVSS Metrics: NVD assessment not yet provided.
VulDB
Severity: MEDIUM
CVE ID: CVE-2024-2074
CVSS Score: 6.3
CVSS Metrics: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L
Proof Of Concept
yuziiiiiiiiii
CVE-2024-2074
Refrence: GitHub