CVE-2024-44349

critical

Description

A SQL injection vulnerability in login portal in AnteeoWMS before v4.7.34 allows unauthenticated attackers to execute arbitrary SQL commands via the username parameter and disclosure of some data in the underlying DB.

References

https://github.com/AndreaF17/PoC-CVE-2024-44349

https://cybergon.com/

https://blog.cybergon.com/posts/cve-2024-44349/

Details

Source: Mitre, NVD

Published: 2024-10-08

Updated: 2026-04-15

Risk Information

CVSS v2

Base Score: 7.5

Vector: CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P

Severity: High

CVSS v3

Base Score: 9.8

Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Severity: Critical

EPSS

EPSS: 0.05618