1 results (0.003 seconds)
CVSS: 9.8EPSS: 0%CPEs: 1EXPL: 0
CVSS: 9.8EPSS: 0%CPEs: 1EXPL: 0CVE-2024-10195 – Tecno 4G Portable WiFi TR118 SMS Check goform_get_cmd_process sql injection
https://notcve.org/view.php?id=CVE-2024-10195
20 Oct 2024 — A vulnerability was found in Tecno 4G Portable WiFi TR118 V008-20220830. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the file /goform/goform_get_cmd_process of the component SMS Check. The manipulation of the argument order_by leads to sql injection. The attack can be launched remotely. • https://asciinema.org/a/2mwkmDqRZfeAYTu5hHre1r4QB • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •