← back
CVE-2024-44349

CVE-2024-44349

CVSS 9.8 CRITICALEPSS 5.6%CWE-89
A SQL injection vulnerability in login portal in AnteeoWMS before v4.7.34 allows unauthenticated attackers to execute arbitrary SQL commands via the username parameter and disclosure of some data in the underlying DB.
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Affected products
n/a · n/a
public PoCs found1
githubgithub.com/AndreaF17/PoC-CVE-2024-443491
⚠ Public resources, to assess the exposure of systems you control or are authorized to test. Test only with authorization.

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →
References
https://blog.cybergon.com/posts/cve-2024-44349/https://cybergon.com/https://github.com/AndreaF17/PoC-CVE-2024-44349