CVE-2024-10129

Summary

A vulnerability classified as critical has been found in HFO4 shudong-share up to 2.4.7. This affects an unknown part of the file /includes/create_share.php of the component Share Handler. The manipulation of the argument fkey leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.

Affected Software

VendorProductVersion RangeStatus
HFO4shudong-share2.4.0affected
HFO4shudong-share2.4.1affected
HFO4shudong-share2.4.2affected
HFO4shudong-share2.4.3affected
HFO4shudong-share2.4.4affected
HFO4shudong-share2.4.5affected
HFO4shudong-share2.4.6affected
HFO4shudong-share2.4.7affected

Weaknesses

  • CWE-89: SQL Injection

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: poc
    • Automatable: no
    • Technical Impact: partial

References