CVE-2024-29729

NVD Published Date: August 29, 2024 at 11:15 AM
NVD Last Modified: August 30, 2024 at 03:49 PM
Download Patch
Vulnerability ID
CVE-2024-29729
Severity
CRITICAL
Severity Score
9.8
Summary
SQL injection vulnerabilities in SportsNET affecting version 4.0.1. These vulnerabilities could allow an attacker to retrieve, update and delete all information in the database by sending a specially crafted SQL query: https://XXXXXXX.saludydesafio.com/app/ax/generateShortURL/, parameter url.
Mitigation and Patches
-
Exploits
-
Metasploit Payload
-
Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
CWE ID
CWE-89

Recent Publish

CVE-2024-7856

CVE-2024-29726

CVE-2024-29723

CVE-2024-5987

CVE-2024-5622

CVE-2024-5624

See SecOps Solution
in action

Schedule Demo