CVE-2024-11251

Name of the Vulnerable Software and Affected Versions erzhongxmu Jeewms up to 20241108

Description A critical issue affects the processing of the file cgReportController.do of the component AuthInterceptor. The manipulation of the argument begin date leads to sql injection. The attack may be initiated remotely. Other parameters might be affected as well.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability. As a temporary workaround, consider restricting access to the cgReportController.do file or the AuthInterceptor component to minimize the risk of exploitation. Avoid using the parameter begin date in the affected file until the issue is resolved.