Feld | 28.03.2024 10:21 | 06.05.2024 15:54 | 06.05.2024 16:00 |
---|
cvss4_vuldb_vi | L | L | L |
cvss4_vuldb_va | L | L | L |
cvss4_vuldb_e | P | P | P |
cvss2_vuldb_au | S | S | S |
cvss2_vuldb_rl | ND | ND | ND |
cvss3_vuldb_pr | L | L | L |
cvss3_vuldb_rl | X | X | X |
cvss4_vuldb_at | N | N | N |
cvss4_vuldb_pr | L | L | L |
cvss4_vuldb_sc | N | N | N |
cvss4_vuldb_si | N | N | N |
cvss4_vuldb_sa | N | N | N |
cvss2_vuldb_basescore | 6.5 | 6.5 | 6.5 |
cvss2_vuldb_tempscore | 5.6 | 5.6 | 5.6 |
cvss3_vuldb_basescore | 6.3 | 6.3 | 6.3 |
cvss3_vuldb_tempscore | 5.7 | 5.7 | 5.7 |
cvss3_meta_basescore | 6.3 | 6.3 | 6.3 |
cvss3_meta_tempscore | 5.7 | 5.7 | 6.0 |
cvss4_vuldb_bscore | 5.3 | 5.3 | 5.3 |
cvss4_vuldb_btscore | 2.1 | 2.1 | 2.1 |
price_0day | $0-$5k | $0-$5k | $0-$5k |
vendor | Shanghai Brad Technology | Shanghai Brad Technology | Shanghai Brad Technology |
name | BladeX | BladeX | BladeX |
version | 3.4.0 | 3.4.0 | 3.4.0 |
component | API | API | API |
file | /api/blade-user/export-user | /api/blade-user/export-user | /api/blade-user/export-user |
input_value | updatexml(1,concat(0x3f,md5(123456),0x3f),1)=1 | updatexml(1,concat(0x3f,md5(123456),0x3f),1)=1 | updatexml(1,concat(0x3f,md5(123456),0x3f),1)=1 |
cwe | 89 (SQL Injection) | 89 (SQL Injection) | 89 (SQL Injection) |
risk | 2 | 2 | 2 |
cvss3_vuldb_av | N | N | N |
cvss3_vuldb_ac | L | L | L |
cvss3_vuldb_ui | N | N | N |
cvss3_vuldb_s | U | U | U |
cvss3_vuldb_c | L | L | L |
cvss3_vuldb_i | L | L | L |
cvss3_vuldb_a | L | L | L |
cvss3_vuldb_e | P | P | P |
cvss3_vuldb_rc | R | R | R |
url | https://spoofer.cn/bladex_sqli/ | https://spoofer.cn/bladex_sqli/ | https://spoofer.cn/bladex_sqli/ |
availability | 1 | 1 | 1 |
publicity | 1 | 1 | 1 |
url | https://spoofer.cn/bladex_sqli/ | https://spoofer.cn/bladex_sqli/ | https://spoofer.cn/bladex_sqli/ |
cve | CVE-2024-3039 | CVE-2024-3039 | CVE-2024-3039 |
responsible | VulDB | VulDB | VulDB |
response_summary | The vendor was contacted early about this disclosure but did not respond in any way. | The vendor was contacted early about this disclosure but did not respond in any way. | The vendor was contacted early about this disclosure but did not respond in any way. |
date | 1711580400 (28.03.2024) | 1711580400 (28.03.2024) | 1711580400 (28.03.2024) |
cvss2_vuldb_av | N | N | N |
cvss2_vuldb_ac | L | L | L |
cvss2_vuldb_ci | P | P | P |
cvss2_vuldb_ii | P | P | P |
cvss2_vuldb_ai | P | P | P |
cvss2_vuldb_e | POC | POC | POC |
cvss2_vuldb_rc | UR | UR | UR |
cvss4_vuldb_av | N | N | N |
cvss4_vuldb_ac | L | L | L |
cvss4_vuldb_ui | N | N | N |
cvss4_vuldb_vc | L | L | L |
cve_assigned | | 1711580400 (28.03.2024) | 1711580400 (28.03.2024) |
cve_nvd_summary | | A vulnerability classified as critical has been found in Shanghai Brad Technology BladeX 3.4.0. Affected is an unknown function of the file /api/blade-user/export-user of the component API. The manipulation with the input updatexml(1,concat(0x3f,md5(123456),0x3f),1)=1 leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. VDB-258426 is the identifier assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. | A vulnerability classified as critical has been found in Shanghai Brad Technology BladeX 3.4.0. Affected is an unknown function of the file /api/blade-user/export-user of the component API. The manipulation with the input updatexml(1,concat(0x3f,md5(123456),0x3f),1)=1 leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. VDB-258426 is the identifier assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. |
cvss2_nvd_av | | | N |
cvss2_nvd_ac | | | L |
cvss2_nvd_au | | | S |
cvss2_nvd_ci | | | P |
cvss2_nvd_ii | | | P |
cvss2_nvd_ai | | | P |
cvss3_cna_av | | | N |
cvss3_cna_ac | | | L |
cvss3_cna_pr | | | L |
cvss3_cna_ui | | | N |
cvss3_cna_s | | | U |
cvss3_cna_c | | | L |
cvss3_cna_i | | | L |
cvss3_cna_a | | | L |
cve_cna | | | VulDB |
cvss2_nvd_basescore | | | 6.5 |
cvss3_cna_basescore | | | 6.3 |