CVE-2024-48509

Published Oct 21, 2024

Last updated 19 days ago

CVSS critical 9.8

Overview

Description: Learning with Texts (LWT) 2.0.3 is vulnerable to SQL Injection. This occurs when the application fails to properly sanitize user inputs, allowing attackers to manipulate SQL queries by injecting malicious SQL statements into URL parameters. By exploiting this vulnerability, an attacker could gain unauthorized access to the database, retrieve sensitive information, modify or delete data, and execute arbitrary commands.
Source: cve@mitre.org
NVD status: Analyzed

Risk scores

CVSS 3.1

Type: Primary
Base score: 9.8
Impact score: 5.9
Exploitability score: 3.9
Vector string: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Severity: CRITICAL

Weaknesses

nvd@nist.gov: CWE-89
134c704f-9b21-4f2e-91b3-4a467353bcc0: CWE-89

Hype score: Not currently trending

CVE-2024-48509 Learning with Texts (LWT) 2.0.3 is vulnerable to SQL Injection. This occurs when the application fails to properly sanitize user inputs, allowing attackers to manipul… https://t.co/nZdtLw6fYu
@CVEnew
24 Oct 2024
291 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes

Configurations

[
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:a:learning_with_texts_project:learning_with_texts:2.0.3:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "9C7F073F-0E17-491D-A38D-28DEB4269C42"
          }
        ],
        "operator": "OR"
      }
    ]
  }
]

Overview

Risk scores

CVSS 3.1

Weaknesses

Social media

Configurations

References