CVE-2024-48204

Improper Control of Generation of Code ('Code Injection') (CWE-94)

Published: Oct 25, 2024 / Updated: 25d ago

CVSS 9.8 / EPSS 0.04% / Critical

Summary

SQL injection vulnerability in Hanzhou Haobo network management system 1.0 allows a remote attacker to execute arbitrary code via a crafted script.

Impact

This vulnerability has a critical severity with a CVSS v3.1 base score of 9.8. It allows remote attackers to execute arbitrary code on the affected system without requiring user interaction or privileges. The impact on confidentiality, integrity, and availability is high, potentially leading to complete system compromise. Attackers can exploit this vulnerability over the network, making it accessible to a wide range of threat actors.

Exploitation

There is no evidence that a public proof-of-concept exists. There is no evidence of exploitation at the moment.

Patch

Based on the provided information, there is no mention of an available patch for this vulnerability.

Mitigation

While no specific mitigation is provided in the vulnerability data, general recommendations for SQL injection vulnerabilities include:

1. Implement input validation and sanitization for all user-supplied input.
2. Use parameterized queries or prepared statements instead of dynamic SQL.
3. Apply the principle of least privilege to database accounts.
4. Regularly update and patch the Hanzhou Haobo network management system when updates become available.
5. Consider implementing a Web Application Firewall (WAF) to help detect and block SQL injection attempts.
6. Monitor system logs for any suspicious activities or unauthorized access attempts.

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Timeline

CVE Assignment

NVD published the first details for CVE-2024-48204

Oct 25, 2024 at 4:15 PM

First Article

Feedly found the first article mentioning CVE-2024-48204.

Oct 25, 2024 at 4:24 PM / National Vulnerability Database

CVSS Estimate

Feedly estimated the CVSS score as HIGH

Oct 25, 2024 at 4:24 PM

CVSS

A CVSS base score of 9.8 has been assigned.

Oct 25, 2024 at 8:40 PM / nvd

EPSS

EPSS Score was set to: 0.04% (Percentile: 9.8%)

Oct 26, 2024 at 9:53 AM

Attack Patterns

CAPEC-242: Code Injection
