CVE Catalog

CVE-2024-58352

Severity: High (CVSS 7.5)

Exploitation Probability (EPSS)

Low risk
0.56%

43rd percentile (higher than 43% of all known CVEs)

Summary

Landray OA contains an unauthenticated HQL injection vulnerability: the uid parameter of the wechatLoginHelper.do endpoint is concatenated, without sanitization, into the filter expression passed to the Hibernate findList() method, so an attacker can inject HQL syntax and query Hibernate entities of their choosing. This enables extraction of sensitive data such as administrator password hashes and, with sufficient database privileges, file-write operations leading to remote code execution.

Risk Assessment

The risk for the organization includes unauthorized access to sensitive credentials and potential system takeover via remote code execution, compromising system integrity and confidentiality.

Recommendation

Immediately update Landray OA to the latest patched version and implement input validation and sanitization for all parameters in the wechatLoginHelper.do endpoint.

Original NVD description (English source)

Landray OA contains an unauthenticated HQL injection vulnerability that allows unauthenticated attackers to query arbitrary Hibernate entity classes by injecting malicious HQL syntax into the uid POST parameter of the wechatLoginHelper.do endpoint. Attackers can exploit the lack of input sanitization in the string-concatenated filter expression passed to the Hibernate findList() call to extract sensitive data such as administrator password hashes and, with sufficient database privileges, perform file-write operations enabling remote code execution. Exploitation evidence was first observed by the Shadowserver Foundation on 2024-03-11 (UTC).
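The flaw described above is the string-concatenated filter passed to a Hibernate query. As an added illustration (not Landray OA's code; the entity name `User`, its `loginName` field and the helper names are assumptions), the vulnerable pattern is shown next to the parameterized form recommended above, plus an allow-list check on the uid value as defence in depth:

```java
import java.util.List;
import java.util.regex.Pattern;
import javax.persistence.Entity;
import javax.persistence.Id;
import org.hibernate.Session;
import org.hibernate.query.Query;

// Hypothetical entity standing in for whatever the login helper looks up.
@Entity
class User {
    @Id Long id;
    String loginName;
    String passwordHash;
}

public class WechatLoginLookup {

    // VULNERABLE pattern: the uid value becomes part of the HQL text itself,
    // so any HQL syntax it contains is parsed and executed by Hibernate.
    static List<User> findUserUnsafe(Session session, String uid) {
        String filter = "e.loginName = '" + uid + "'";          // concatenation
        String hql = "from User e where " + filter;
        return session.createQuery(hql, User.class).list();
    }

    // HARDENED: the HQL text is fixed and the value travels as a bound
    // parameter, so Hibernate never interprets attacker input as query syntax.
    static List<User> findUserSafe(Session session, String uid) {
        if (!isWellFormedUid(uid)) {
            throw new IllegalArgumentException("malformed uid");
        }
        Query<User> q = session.createQuery(
                "from User e where e.loginName = :uid", User.class);
        q.setParameter("uid", uid);
        return q.list();
    }

    // Defence in depth: reject values that cannot be a legitimate uid before
    // they reach the data layer. The character set is an assumption; adjust
    // it to the identifiers the deployment actually issues.
    private static final Pattern UID_SHAPE = Pattern.compile("^[A-Za-z0-9_.@-]{1,64}$");

    static boolean isWellFormedUid(String uid) {
        return uid != null && UID_SHAPE.matcher(uid).matches();
    }
}
```

Binding the value with `setParameter` is the fix that removes the injection; the allow-list only narrows what reaches the query and is not a substitute for it.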

Vulnerability data from NVD (NIST) · CISA KEV · EPSS