CVE-2024-28145

Published Dec 12, 2024

Last updated 2 months ago

CVSS medium 5.9

Overview

Description
An unauthenticated attacker can perform an SQL injection by accessing the /class/dbconnect.php file and supplying malicious GET parameters. The HTTP GET parameters search, table, field, and value are vulnerable. For example, one SQL injection can be performed on the parameter "field" with the UNION keyword.
Source
551230f0-3615-47bd-b7cc-93e92e730bbf
NVD status
Awaiting Analysis

Risk scores

CVSS 3.1

Type
Secondary
Base score
5.9
Impact score
3.4
Exploitability score
2.5
Vector string
CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L
Severity
MEDIUM

Weaknesses

551230f0-3615-47bd-b7cc-93e92e730bbf
CWE-89

Social media

Hype score
Not currently trending

  1. CVE-2024-28145 SEC Consult SA-20241204-0 : Multiple Critical Vulnerabilities in Image Access Scan2Net (14 CVE) https://t.co/Eb6rTo1REM

    @VulmonFeeds

    5 Dec 2024

    14 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

References