CVE-2024-0479

Name of the Vulnerable Software and Affected Versions Taokeyun versions up to 1.0.5

Description A critical issue has been found, affecting the function login of the file application/index/controller/m/User.php in the HTTP POST Request Handler component. The manipulation of the username argument leads to SQL injection. This issue can be exploited remotely.

Recommendations For Taokeyun versions up to 1.0.5, as a temporary workaround, consider restricting access to the login function in the User.php file until a patch is available. Additionally, avoid using the username argument in the affected HTTP POST Request Handler until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this issue.