A vulnerability was found in cjbi wetech-cms 1.0/1.1/1.2....
Moderate severity
Unreviewed
Published
Dec 12, 2024
to the GitHub Advisory Database
•
Updated Dec 13, 2024
Description
Published by the National Vulnerability Database
Dec 12, 2024
Published to the GitHub Advisory Database
Dec 12, 2024
Last updated
Dec 13, 2024
A vulnerability was found in cjbi wetech-cms 1.0/1.1/1.2. It has been classified as critical. Affected is the function searchTopic of the file wetech-cms-master\wetech-core\src\main\java\tech\wetech\cms\dao\TopicDao.java. The manipulation of the argument con leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.
References