PT-2025-9017 · Gfast · Gfast

Superdu1 · Published 2025-02-27 · Updated 2025-03-03 · CVE-2024-55160

CVSS v3.1: 9.8 Critical

Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions: GFast versions v2 through v3.2

Description: A SQL injection issue was found via the OrderBy parameter at the "/system/operLog/list" API endpoint.

Recommendations: For GFast versions v2 through v3.2, avoid using the OrderBy parameter in the affected API endpoint until the issue is resolved.

Exploit

Fix

SQL injection

Weakness Enumeration

Related Identifiers: CVE-2024-55160

Affected Products: Gfast