CVE-2024-9573

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') (CWE-89)

Published: Oct 7, 2024 / Updated: 43d ago

CVSS 6.5 / EPSS 0.04% / Medium

SQL injection vulnerability in SOPlanning <1.45, in the `by` parameter of /soplanning/www/groupe_list.php, which could allow a remote user to send a specially crafted query and extract all the information stored on the server.

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

Timeline

First Article

Feedly found the first article mentioning CVE-2024-9573.

Oct 7, 2024 at 2:55 PM / CVE

CVSS Estimate

Feedly estimated the CVSS score as HIGH

Oct 7, 2024 at 2:55 PM

CVE Assignment

NVD published the first details for CVE-2024-9573

Oct 7, 2024 at 3:15 PM

CVSS

A CVSS base score of 6.3 has been assigned.

Oct 7, 2024 at 3:20 PM / nvd

EPSS

EPSS Score was set to: 0.04% (Percentile: 9.7%)

Oct 8, 2024 at 9:58 AM

CVSS

A CVSS base score of 6.5 has been assigned.

Oct 8, 2024 at 6:50 PM / nvd

Affected Systems

Soplanning/soplanning

Attack Patterns

CAPEC-108: Command Line Execution through SQL Injection

CVSS V3.1

Attack Vector: Network
Attack Complexity: Low
Privileges Required: Low
User Interaction: None
Scope: Unchanged
Confidentiality: High
Integrity: None
Availability Impact: None
