CVE-2024-58352
CVE-2024-58352 is a high-severity vulnerability with a CVSS 3.x base score of 7.5. It is not currently listed as actively exploited by CISA, and its EPSS exploit-prediction score is low. The underlying weakness is classified as CWE-564.
Key facts
- Severity: High (CVSS 3.x base score 7.5)
- CVSS v4: 8.7
- EPSS exploit prediction: 1% (43rd percentile)
- Actively exploited: Not listed in CISA KEV
- Weakness: CWE-564
- Published:
- Last modified:
Description
Landray OA contains an unauthenticated HQL injection vulnerability that allows unauthenticated attackers to query arbitrary Hibernate entity classes by injecting malicious HQL syntax into the uid POST parameter of the wechatLoginHelper.do endpoint. Attackers can exploit the lack of input sanitization in the string-concatenated filter expression passed to the Hibernate findList() call to extract sensitive data such as administrator password hashes and, with sufficient database privileges, perform file-write operations enabling remote code execution. Exploitation evidence was first observed by the Shadowserver Foundation on 2024-03-11 (UTC).
Frequently asked questions
- What is CVE-2024-58352?
- Landray OA contains an unauthenticated HQL injection vulnerability that allows unauthenticated attackers to query arbitrary Hibernate entity classes by injecting malicious HQL syntax into the uid POST parameter of the wechatLoginHelper.do endpoint. Attackers can exploit the lack of input sanitization in the string-concatenated filter expression passed to the Hibernate findList() call to extract sensitive data such as administrator password hashes and, with sufficient database privileges, perform file-write operations enabling remote code execution. Exploitation evidence was first observed by the Shadowserver Foundation on 2024-03-11 (UTC).
- How severe is CVE-2024-58352?
- CVE-2024-58352 has a CVSS 3.x base score of 7.5, rated high severity. It is exploitable over network with low attack complexity, requires no privileges and no user interaction. Impact on confidentiality is high, integrity none, and availability none.
- Is CVE-2024-58352 being actively exploited?
- It is not currently listed in CISA's KEV catalog. Its EPSS exploit-prediction score is 1% (43rd percentile), an estimate of the probability of exploitation in the next 30 days.
- How do I fix CVE-2024-58352?
- Review the linked vendor and NVD advisories for patched versions and mitigations, then upgrade or apply the recommended workaround. Given its high severity, prioritise patching exposed systems.
- When was CVE-2024-58352 published?
- CVE-2024-58352 was published on 2026-07-02.
References
- https://blog.csdn.net/fushuang333/article/details/136377020
- https://blog.csdn.net/qq_39342001/article/details/137354047
- https://cn-sec.com/archives/2532828.html
- https://www.vulncheck.com/advisories/landray-oa-unauthenticated-hql-injection-via-wechatloginhelper-do
Other CWE-564 vulnerabilities
- CVE-2025-8052 — High (CVSS 8.8): SQL Injection vulnerability in opentext Flipper allows SQL Injection. The vulnerability could allow a low privilege…
- CVE-2025-0959 — High (CVSS 8.8): The Eventer - WordPress Event & Booking Manager Plugin plugin for WordPress is vulnerable to SQL Injection via the…
- CVE-2025-67280 — Medium (CVSS 5.4): In TIM BPM Suite/ TIM FLOW through 9.1.2 multiple Hibernate Query Language injection vulnerabilities exist which allow…
- CVE-2026-23959 — Medium (CVSS 4.9): CoreShop is a Pimcore enhanced eCommerce solution. An error-based SQL Injection vulnerability was identified in…