CVE-2024-51211
CRITICAL EXPLOITED NUCLEIOS4ED openSIS-Classic 9.1 - SQL Injection via resetuserinfo.php $username_stn_id Parameter
Title source: llmExploitation Summary
CVE-2024-51211 has been observed exploited in the wild (reported by VulnCheck KEV). EIP tracks 1 public exploit. A Nuclei detection template is also available.
AI-analyzed exploit summary The repository claims an unauthenticated SQL injection in openSIS-Classic 9.1 but provides no actual exploit code, only placeholder images and a vague description. The author states they will 'explain the PoC code when I hear back from the manufacturer,' which is a red flag for incomplete or deceptive content.
Description
SQL injection vulnerability exists in OS4ED openSIS-Classic Version 9.1, specifically in the resetuserinfo.php file. The vulnerability is due to improper input validation of the $username_stn_id parameter, which can be manipulated by an attacker to inject arbitrary SQL commands.
Exploits (1)
The repository claims an unauthenticated SQL injection in openSIS-Classic 9.1 but provides no actual exploit code, only placeholder images and a vague description. The author states they will 'explain the PoC code when I hear back from the manufacturer,' which is a red flag for incomplete or deceptive content.
Nuclei Templates (1)
title:"openSIS"
title="openSIS"
References (1)
Scores
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H