CVE-2024-29667

2024-03-2918:15:08

[email protected]

web.nvd.nist.gov

cve-2024-29667

tongtianxing technology co.

ltd

remote attacker

privilege escalation

sensitive information

ids parameter

7.5 High

AI Score

Confidence

Low

0.0004 Low

EPSS

Percentile

9.1%

JSON

SQL Injection vulnerability in Tongtianxing Technology Co., Ltd CMSV6 v.7.31.0.2 through v.7.31.0.3 allows a remote attacker to escalate privileges and obtain sensitive information via the ids parameter.

References

github.com/whgojp/cve-reports/wiki/CMSV6-vehicle-monitoring-platform-system-SQL-injection