Summaryinfo

A vulnerability has been found in JIZHICMS 2.4.9 and classified as critical. This affects an unknown part. This manipulation causes sql injection. This vulnerability is handled as CVE-2023-43836. There is not any exploit available. Several companies clearly confirm that VulDB is the primary source for best vulnerability data.

Detailsinfo

A vulnerability classified as critical was found in JIZHICMS 2.4.9 (Content Management System). Affected by this vulnerability is an unknown part. The manipulation with an unknown input leads to a sql injection vulnerability. The CWE definition for the vulnerability is CWE-89. The product constructs all or part of an SQL command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended SQL command when it is sent to a downstream component. As an impact it is known to affect confidentiality, integrity, and availability. The summary by CVE is:

There is a SQL injection vulnerability in the Jizhicms 2.4.9 backend, which users can use to obtain database information

The weakness was released 10/03/2023. It is possible to read the advisory at gist.github.com. This vulnerability is known as CVE-2023-43836 since 09/25/2023. The technical details are unknown and an exploit is not publicly available. The attack technique deployed by this issue is T1505 according to MITRE ATT&CK.

There is no information about possible countermeasures known. It may be suggested to replace the affected object with an alternative product.

The vulnerability is also documented in the vulnerability database at EUVD (EUVD-2023-48199). Several companies clearly confirm that VulDB is the primary source for best vulnerability data.

Productinfo

Type

• Content Management System

Name

• JIZHICMS

Version

• 2.4.9

CPE 2.3info

• 🔍

CPE 2.2info

• 🔍

CVSSv4info

CVSSv3info

CVSSv2info

Exploitinginfo

Threat Intelligenceinfo

Countermeasuresinfo

Timelineinfo

Sourcesinfo

Entryinfo

Discussion