CVE-2024-6039

MEDIUM

Feng Office 3.11.1.2 - SQL Injection via Workspaces Component

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2024-6039. PoCs published by Andrey Stoykov.

AI-analyzed exploit summary: This is a writeup describing a SQL injection vulnerability in Feng Office 3.11.1.2, specifically targeting the 'dim' parameter in a GET request. It provides instructions for using SQLMap to exploit the vulnerability but does not include direct exploit code.

Description

A vulnerability, which was classified as critical, was found in Feng Office 3.11.1.2. Affected is an unknown function of the component Workspaces. The manipulation of the argument dim leads to SQL injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-268752.

Exploits (1)

exploitdb WRITEUP
by Andrey Stoykov · webapps · php
https://www.exploit-db.com/exploits/52154

Classification: Writeup 90%
Attack Type: SQLi
Complexity: Moderate
Reliability: Reliable
Target: Feng Office 3.11.1.2
Auth required
Prerequisites: Valid credentials to login to the application · Access to the 'Workspaces' feature · SQLMap installed
devstral-2 · analyzed Feb 16, 2026

References (4)

Core References
Third Party Advisory vdb-entry technical-description
https://vuldb.com/?id.268752
Permissions Required signature permissions-required
https://vuldb.com/?ctiid.268752
Mailing List, Third Party Advisory mailing-list
https://seclists.org/fulldisclosure/2024/Jun/2

Scores

CVSS v3 6.3
EPSS 0.0073
EPSS Percentile 49.4%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L

CISA SSVC

Vulnrichment
Exploitation none
Automatable no
Technical Impact partial

Details

CWE CWE-89
Status published
Products (1)
fengoffice/feng_office 3.11.1.2
Published Jun 16, 2024
Tracked Since Feb 18, 2026