CVE-2024-2621
Published: 2024-03-19
Priority: P2 (67) · Severity: critical · CVSS 3.1 base score: 9.8
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Exploit: public · EPSS: 1.94% (77.6th percentile)
A vulnerability was found in Fujian Kelixin Communication Command and Dispatch Platform up to 20240318 and classified as critical. Affected by this issue is some unknown functionality of the file api/client/user/pwd_update.php. The manipulation of the argument uuid leads to sql injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. VDB-257198 is the identifier assigned to this vulnerability.
Affected (2 ranges)
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| fujian_kelixin_communication | command_and_dispatch_platform | — | — |
| kelixin_communication_command_and_dispatch_project | kelixin_communication_command_and_dispatch | <= 2024-03-18 | — |
Detection & IOCs (extracted from sources)
- URL: `/api/client/user/pwd_update.php?usr_number=1%27%20AND%20(SELECT%207872%20FROM%20(SELECT(SLEEP(6)))DHhu)%20AND%20%27pMGM%27=%27pMGM&new_password=1&sign=1`
- Command: `usr_number=1' AND (SELECT 7872 FROM (SELECT(SLEEP(6)))DHhu) AND 'pMGM'='pMGM`
- Detect exploitation attempts by monitoring GET requests to /api/client/user/pwd_update.php containing time-based SQL injection payloads (e.g., SLEEP()) in the usr_number parameter.
- Successful exploitation responses contain all three JSON keys, "msg", "header", and "code", with HTTP 200 status and a response duration >= 6 seconds (matching the SLEEP(6) payload).
- Use a FOFA query to identify exposed instances of the Fujian Kelixin Command and Dispatch Platform for proactive asset discovery.
- The SQL injection is time-based (SLEEP-based), so detection via response duration thresholds may produce false positives/negatives depending on server load or network latency. A threshold of >= 6 seconds is used in the proof-of-concept.
- The vulnerability requires authentication (low-privilege); unauthenticated scanning will not trigger the vulnerable code path.
CVSS provenance
- NVD v3.1: 9.8 CRITICAL (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)
- NVD v2.0: 6.5 MEDIUM (AV:N/AC:L/Au:S/C:P/I:P/A:P)
No detection rules found.
Nuclei
Fujian Kelixin Communication - Command Injection
nuclei · CVSS 9.8
Template:

```yaml
id: CVE-2024-2621

info:
  name: Fujian Kelixin Communication - Command Injection
  author: DhiyaneshDk
  severity: medium
  description: |
    A vulnerability was found in Fujian Kelixin Communication Command and Dispatch Platform up to 20240318 and classified as critical. Affected by this issue is some unknown functionality of the file api/client/user/pwd_update.php.
  impact: |
    Authenticated attackers can extract sensitive database information via time-based SQL injection in the usr_number parameter.
  remediation: |
    https://h0e4a0r1t.github.io/2024/vulns/Fujian%20Kelixin%20Communication%20Co.,%20Ltd.%20Command%20and%20Dispatch%20Platform%20SQL%20Injection%20Vulnerability-pwd_update.php.pdf
    https://vuldb.com/?ctiid.257198
    https://vuldb.com/?id.257198
```