{"id":"CVE-2024-24110","details":"SQL Injection vulnerability in crmeb_java before v1.3.4 allows attackers to run arbitrary SQL commands via crafted GET request to the component /api/front/spread/people.","modified":"2026-04-12T08:03:51.906182Z","published":"2024-03-21T02:52:09.993Z","references":[{"type":"REPORT","url":"https://github.com/crmeb/crmeb_java/issues/13"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://github.com/crmeb/crmeb_java","events":[{"introduced":"0"},{"fixed":"e12dfccb7397c666c7c935a4595bf262e8f9966f"}],"database_specific":{"versions":[{"introduced":"0"},{"fixed":"1.3.4"}]}}],"database_specific":{"vanir_signatures_modified":"2026-04-12T08:03:51Z","vanir_signatures":[{"digest":{"length":3104,"function_hash":"251373921438959921147260856997289397726"},"target":{"function":"generatorCode","file":"crmeb/crmeb-common/src/main/java/com/zbkj/common/utils/genutils/GenCodeUtils.java"},"source":"https://github.com/crmeb/crmeb_java/commit/e12dfccb7397c666c7c935a4595bf262e8f9966f","id":"CVE-2024-24110-9a59efff","signature_version":"v1","deprecated":false,"signature_type":"Function"},{"digest":{"threshold":0.9,"line_hashes":["288944249768873526937998164569970110376","259331480453377501525860871539471587062","167472243063323145613347009919084879940","224857076415932707700894675397856418494"]},"target":{"file":"crmeb/crmeb-common/src/main/java/com/zbkj/common/utils/genutils/GenCodeUtils.java"},"source":"https://github.com/crmeb/crmeb_java/commit/e12dfccb7397c666c7c935a4595bf262e8f9966f","id":"CVE-2024-24110-f9ca89e8","signature_version":"v1","deprecated":false,"signature_type":"Line"}],"source":"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2024-24110.json"}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N"}]}