CVE-2024-28145
CVSS V2 None
CVSS V3 None
Description
An unauthenticated attacker can perform an SQL injection by accessing the /class/dbconnect.php file and supplying malicious GET parameters. The HTTP GET parameters search, table, field, and value are vulnerable. For example, one SQL injection can be performed on the parameter "field" with the UNION keyword.
Overview
- CVE ID
- CVE-2024-28145
- Assigner
- SEC-VLab
- Vulnerability Status
- PUBLISHED
- Published Version
- 2024-12-12T13:36:34.917Z
- Last Modified Date
- 2024-12-12T13:36:34.917Z
Weakness Enumerations
References
| Reference URL | Reference Tags |
|---|---|
| https://r.sec-consult.com/imageaccess | third-party-advisory |
| https://www.imageaccess.de/?page=SupportPortal&lang=en | patch |
Sources
| Source Name | Source URL |
|---|---|
| NIST | https://nvd.nist.gov/vuln/detail/CVE-2024-28145 |
| MITRE | https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-28145 |
History
| Created | Old Value | New Value | Data Type | Notes |
|---|---|---|---|---|
| 2024-12-13 13:21:19 | Added to TrackCVE |