CVE-2024-29726

NVD Published Date: August 29, 2024 at 11:15 AM
NVD Last Modified: August 30, 2024 at 03:50 PM
Download Patch
Vulnerability ID
CVE-2024-29726
Severity
CRITICAL
Severity Score
9.8
Summary
SQL injection vulnerabilities in SportsNET affecting version 4.0.1. These vulnerabilities could allow an attacker to retrieve, update and delete all information in the database by sending a specially crafted SQL query: https://XXXXXXX.saludydesafio.com/app/ax/setAsRead/, parameter id.
Mitigation and Patches
-
Exploits
-
Metasploit Payload
-
Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
CWE ID
CWE-89

Recent Publish

CVE-2024-29723

CVE-2024-5987

CVE-2024-5622

CVE-2024-5624

CVE-2024-38303

CVE-2024-43986

See SecOps Solution
in action

Schedule Demo