CVE-2024-9294: Critical SQL Injection in dingfanzu CMS: Unsecured Password Function

CVE-2024-9294
Summary

A critical security flaw was found in the password management system of dingfanzu CMS, allowing an attacker to inject malicious SQL code remotely. This could potentially give the attacker access to sensitive user data. Update your CMS as soon as possible to protect your users.

Original title
A vulnerability, which was classified as critical, has been found in dingfanzu CMS up to 29d67d9044f6f93378e6eb6ff92272217ff7225c. Affected by this issue is some unknown functionality of the file s...
Original description
A vulnerability, which was classified as critical, has been found in dingfanzu CMS up to 29d67d9044f6f93378e6eb6ff92272217ff7225c. Affected by this issue is some unknown functionality of the file saveNewPwd.php. The manipulation of the argument username leads to SQL injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. Continuous delivery with rolling releases is used by this product. Therefore, no version details of affected nor updated releases are available.
NVD CVSS 2.0: 6.5
NVD CVSS 3.1: 6.3
NVD CVSS 4.0: 5.3
Vulnerability type
CWE-89 SQL Injection
Published: 27 Sep 2024 · Updated: 15 Jun 2026 · First seen: 7 Mar 2026