CVE-2024-2621
published 2024-03-19


Priority: P267
Severity: critical, 9.8 (CVSS 3.1)
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Exploit: publicly disclosed
EPSS: 1.94% (77.6th percentile)
A vulnerability was found in Fujian Kelixin Communication Command and Dispatch Platform up to 20240318 and classified as critical. Affected by this issue is some unknown functionality of the file api/client/user/pwd_update.php. The manipulation of the argument uuid leads to sql injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. VDB-257198 is the identifier assigned to this vulnerability.

Affected

2 ranges
Vendor | Product | Version range | Fixed in
fujian_kelixin_communication | command_and_dispatch_platform | (not listed) | (not listed)
kelixin_communication_command_and_dispatch_project | kelixin_communication_command_and_dispatch | <= 2024-03-18 | (not listed)

Detection & IOCs (extracted from sources)

path: /api/client/user/pwd_update.php
url: /api/client/user/pwd_update.php?usr_number=1%27%20AND%20(SELECT%207872%20FROM%20(SELECT(SLEEP(6)))DHhu)%20AND%20%27pMGM%27=%27pMGM&new_password=1&sign=1
command (decoded payload): usr_number=1' AND (SELECT 7872 FROM (SELECT(SLEEP(6)))DHhu) AND 'pMGM'='pMGM
  • Detect exploitation attempts by monitoring GET requests to /api/client/user/pwd_update.php whose query string carries a time-based SQL injection payload (e.g., SLEEP()). The public PoC injects into the usr_number parameter, while the VulDB description names the uuid argument; inspect both.
  • In the PoC, a successful exploitation response is an HTTP 200 whose body contains all three JSON keys "msg", "header", and "code", with a response duration >= 6 seconds (matching the SLEEP(6) payload).
  • Use a FOFA query to identify exposed instances of the Fujian Kelixin Command and Dispatch Platform for proactive asset discovery.
  • The injection is time-based (SLEEP-based), so detection by response-duration threshold can produce false positives and false negatives depending on server load and network latency. The proof-of-concept uses a threshold of >= 6 seconds; measuring the duration server-side (e.g., the web server's request time) removes most of the network component.
  • The source notes that the vulnerability requires authentication (low privilege), so unauthenticated scanning will not reach the vulnerable code path. Note that the NVD CVSS v2.0 vector records Au:S while the v3.1 vector records PR:N; confirm against the target before relying on either.
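
The detection rule described above, turned into working code. This is an added example by the editor, not code from the vulnerability database, the PoC, or the vendor. It assumes a combined-style access log with the server-side request duration in seconds appended as the last field (nginx's $request_time); the four log lines in SAMPLE_LOG are constructed for illustration, with the PoC URL from this page as the second entry. It goes slightly beyond the page by reading the delay out of SLEEP(n) rather than hard-coding 6 seconds, and by decoding a second time to catch double-encoded payloads.

```python
"""Detect time-based SQL injection attempts against
/api/client/user/pwd_update.php in web-server access logs.

Added example, not code from the vulnerability database, the PoC or the
vendor. Assumes a combined-style access log with nginx's $request_time
(seconds) appended as the last field; SAMPLE_LOG is constructed.
"""
import re
from urllib.parse import parse_qs, unquote, urlsplit

TARGET_PATH = "/api/client/user/pwd_update.php"
DEFAULT_SLEEP = 6.0  # seconds, matching SLEEP(6) in the public PoC

# Time-delay primitives used for blind SQLi (MySQL, PostgreSQL, MSSQL).
TIME_PAYLOAD = re.compile(r"\b(?:sleep|benchmark|pg_sleep)\s*\(|\bwaitfor\s+delay\b", re.I)
# Argument of SLEEP(n), so the duration check follows the payload itself.
SLEEP_ARG = re.compile(r"\bsleep\s*\(\s*(\d+(?:\.\d+)?)", re.I)

LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "(?P<method>\S+) (?P<target>\S+) [^"]*" '
    r'(?P<status>\d{3}) \S+ "[^"]*" "[^"]*" (?P<rt>\d+(?:\.\d+)?)$'
)

# Constructed sample log; line 2 is the PoC request from this page.
SAMPLE_LOG = [
    '203.0.113.10 - - [19/Mar/2024:10:01:02 +0000] "GET /api/client/user/pwd_update.php'
    '?usr_number=10001&new_password=x&sign=1 HTTP/1.1" 200 48 "-" "Mozilla/5.0" 0.012',
    '198.51.100.7 - - [19/Mar/2024:10:05:44 +0000] "GET /api/client/user/pwd_update.php'
    '?usr_number=1%27%20AND%20(SELECT%207872%20FROM%20(SELECT(SLEEP(6)))DHhu)%20AND%20'
    '%27pMGM%27=%27pMGM&new_password=1&sign=1 HTTP/1.1" 200 48 "-" "python-requests/2.31" 6.213',
    '198.51.100.7 - - [19/Mar/2024:10:05:51 +0000] "GET /api/client/user/pwd_update.php'
    '?usr_number=1%27%20AND%20SLEEP(6)%20AND%20%271%27=%271&new_password=1&sign=1 HTTP/1.1"'
    ' 403 0 "-" "python-requests/2.31" 0.004',
    '192.0.2.5 - - [19/Mar/2024:10:07:00 +0000] "GET /search.php?q=sleep(5) HTTP/1.1"'
    ' 200 1024 "-" "curl/8.0" 0.030',
]


def parse_line(line):
    """Return the fields of one access-log line, or None if it does not match."""
    m = LOG_RE.match(line)
    if m is None:
        return None
    rec = m.groupdict()
    rec["status"] = int(rec["status"])
    rec["rt"] = float(rec["rt"])
    return rec


def find_time_payload(target):
    """Return (parameter, decoded value) for the first query parameter of a
    request to TARGET_PATH carrying a time-delay payload, else None.

    parse_qs percent-decodes once; the extra unquote() catches the common
    double-encoding evasion (e.g. %2527 for the single quote).
    """
    parts = urlsplit(target)
    if parts.path != TARGET_PATH:
        return None
    for name, values in parse_qs(parts.query, keep_blank_values=True).items():
        for value in values:
            decoded = unquote(value)
            if TIME_PAYLOAD.search(decoded):
                return name, decoded
    return None


def classify(rec):
    """Turn one parsed record into an alert dict, or None if not an attempt.

    The PoC's success criterion is an HTTP 200 that took at least as long as
    the SLEEP() argument; anything else is recorded as an attempt only.
    """
    hit = find_time_payload(rec["target"])
    if hit is None:
        return None
    param, payload = hit
    m = SLEEP_ARG.search(payload)
    expected_delay = float(m.group(1)) if m else DEFAULT_SLEEP
    return {
        "ip": rec["ip"],
        "ts": rec["ts"],
        "param": param,
        "payload": payload,
        "likely_success": rec["status"] == 200 and rec["rt"] >= expected_delay,
    }


def scan(lines):
    """Run the rule over an iterable of log lines and return the alerts."""
    alerts = []
    for line in lines:
        rec = parse_line(line)
        if rec is not None:
            alert = classify(rec)
            if alert is not None:
                alerts.append(alert)
    return alerts


if __name__ == "__main__":
    for a in scan(SAMPLE_LOG):
        verdict = "likely successful" if a["likely_success"] else "attempt"
        print(f'{a["ts"]} {a["ip"]} {verdict}: {a["param"]}={a["payload"]!r}')
```

On the constructed sample this flags two requests from 198.51.100.7: the PoC request (200, 6.2 s, so likely successful) and a fast 403 carrying the same primitive (an attempt, probably blocked), while ignoring the benign password change and the SLEEP in an unrelated path. The JSON-key check from the PoC cannot be done from an access log; it needs a response-body capture (WAF or proxy logs) and is left out here.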

CVSS provenance

NVD, CVSS v3.1: 9.8 CRITICAL, CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
NVD, CVSS v2.0: 6.5 MEDIUM, AV:N/AC:L/Au:S/C:P/I:P/A:P