CVE-2024-29667

2024-03-2900:00:00

mitre

www.cve.org

cve-2024-29667

tongtianxing technology co.

ltd

sql injection

cmsv6

privilege escalation

sensitive information

ids parameter

7.8 High

AI Score

Confidence

Low

0.0004 Low

EPSS

Percentile

9.1%

JSON

SQL Injection vulnerability in Tongtianxing Technology Co., Ltd CMSV6 v.7.31.0.2 through v.7.31.0.3 allows a remote attacker to escalate privileges and obtain sensitive information via the ids parameter.

References

github.com/whgojp/cve-reports/wiki/CMSV6-vehicle-monitoring-platform-system-SQL-injection