exploitDog

CVE-2024-51165

Опубликовано: 10 дек. 2024

Источник: nvd

CVSS3: 7.5

EPSS Низкий

Описание

SQL injection vulnerability in JEPAAS7.2.8, via /je/rbac/rbac/loadLoginCount in the dateVal parameter, which could allow a remote user to submit a specially crafted query, allowing an attacker to retrieve all the information stored in the DB.

Ссылки

https://abcc111.github.io/posts/CVE-2024-51165/
Exploit
Third Party Advisory
https://github.com/abcc111/vulns/blob/main/JEPaaS/SQL%20injection%20vulnerability%20in%20JEPaaS.md
Broken Link

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:ketr:jepaas:7.2.8:*:*:*:*:*:*:*

EPSS

Процентиль: 39%

0.00177

Низкий

7.5 High

CVSS3

Дефекты

CWE-89

Связанные уязвимости

GHSA-w6fv-cg9x-p5jx

CVSS3: 7.5

github

около 1 года назад

SQL injection vulnerability in JEPAAS7.2.8, via /je/rbac/rbac/loadLoginCount in the dateVal parameter, which could allow a remote user to submit a specially crafted query, allowing an attacker to retrieve all the information stored in the DB.

EPSS

Процентиль: 39%

0.00177

Низкий

7.5 High

CVSS3

Дефекты

CWE-89