CVE-2024-2621

Name of the Vulnerable Software and Affected Versions Fujian Kelixin Communication Command and Dispatch Platform versions up to 20240318

Description A critical issue affects some unknown functionality of the file api/client/user/pwd update.php. The manipulation of the uuid argument leads to SQL injection. The attack can be launched remotely.

Recommendations For versions up to 20240318, as a temporary workaround, consider restricting access to the api/client/user/pwd update.php file until a patch is available. Avoid using the uuid argument in the affected API endpoint until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.