exploitDog

CVE-2024-3704

Опубликовано: 12 апр. 2024

Источник: nvd

CVSS3: 9.8

EPSS Низкий

Описание

SQL Injection Vulnerability has been found on OpenGnsys product affecting version 1.1.1d (Espeto). This vulnerability allows an attacker to inject malicious SQL code into login page to bypass it or even retrieve all the information stored in the database.

Ссылки

https://opengnsys.es/web/parche-de-seguridad-cve-2024-370x
Vendor Advisory
https://www.incibe.es/en/incibe-cert/notices/aviso/multiple-vulnerabilities-opengnsys
Third Party Advisory
https://opengnsys.es/web/parche-de-seguridad-cve-2024-370x
Vendor Advisory
https://www.incibe.es/en/incibe-cert/notices/aviso/multiple-vulnerabilities-opengnsys
Third Party Advisory

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:opengnsys:opengnsys:1.1.1d:*:*:*:*:*:*:*

EPSS

Процентиль: 42%

0.00198

Низкий

9.8 Critical

CVSS3

Дефекты

CWE-89

Связанные уязвимости

GHSA-rpjc-8hv7-4jhp

CVSS3: 9.8

github

почти 2 года назад

SQL Injection Vulnerability has been found on OpenGnsys product affecting version 1.1.1d (Espeto). This vulnerability allows an attacker to inject malicious SQL code into login page to bypass it or even retrieve all the information stored in the database.

EPSS

Процентиль: 42%

0.00198

Низкий

9.8 Critical

CVSS3

Дефекты

CWE-89