CVE-2024-34310

HIGH

Jin Fang Times CMS <3.2.3 - SQL Injection

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2024-34310. PoCs published by 3309899621.

AI-analyzed exploit summary The repository provides a detailed technical description of CVE-2024-34310, a SQL injection vulnerability in Jin Fang Times Content Management System v3.2.3. It includes the affected component, attack vector, and impact details but lacks functional exploit code.

Description

Jin Fang Times Content Management System v3.2.3 was discovered to contain a SQL injection vulnerability via the id parameter.

Exploits (1)

nomisec WRITEUP

by 3309899621 · poc

https://github.com/3309899621/CVE-2024-34310

View Code ZIP pw:eip

The repository provides a detailed technical description of CVE-2024-34310, a SQL injection vulnerability in Jin Fang Times Content Management System v3.2.3. It includes the affected component, attack vector, and impact details but lacks functional exploit code.

Classification

Writeup 90%

Attack Type

Sqli

Complexity

Trivial

Reliability

Theoretical

Target: Jin Fang Times Content Management System v3.2.3

No auth needed

Prerequisites: Access to the vulnerable endpoint with the 'id' parameter

MITRE ATT&CK

T1189 - Drive-by Compromise

devstral-2 · analyzed Feb 18, 2026 Full analysis →

References (1)

Core 1

Core References

Various Sources

https://github.com/3309899621/CVE-2024-34310

Scores

CVSS v3 8.8

EPSS 0.0087

EPSS Percentile 54.1%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

CISA SSVC

Vulnrichment

Exploitation none

Automatable no

Technical Impact total

Details

CWE

CWE-89

Status published

Published May 14, 2024

Tracked Since Feb 18, 2026