Lucene search
HistoryMar 12, 2024 - 4:15 p.m.
CVE-2024-1301
sql injection
badger meter monitool
remote attacker
specially crafted sql query
database retrieval
CVSS3
9.8
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
EPSS
0
Percentile
9.0%
SQL injection vulnerability in Badger Meter Monitool affecting versions 4.6.3 and earlier. A remote attacker could send a specially crafted SQL query to the server via the j_username parameter and retrieve the information stored in the database.
Related
cvelist
cvelist
CVE-2024-1301 Multiple Vulnerabilities in Badger Meter's Monitool
2024-03-12 15:24:43
vulnrichment
vulnrichment
CVE-2024-1301 Multiple Vulnerabilities in Badger Meter's Monitool
2024-03-12 15:24:43
cve
cve
CVE-2024-1301
2024-03-12 16:15:07
prion
prion
Sql injection
2024-03-12 16:15:00
CVSS3
9.8
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
EPSS
0
Percentile
9.0%
Related for NVD:CVE-2024-1301