CVE-2024-30928

SQL Injection vulnerability in DerbyNet v9.0 and below allows attackers to execute arbitrary SQL commands via 'classids' Parameter in ajax/query.slide.next.inc...

CVE-2024-30928

SQL Injection vulnerability in DerbyNet v9.0 and below allows attackers to execute arbitrary SQL commands via 'classids' Parameter in ajax/query.slide.next.inc...

CVE-2024-30928

SQL Injection vulnerability in DerbyNet v9.0 and below allows attackers to execute arbitrary SQL commands via 'classids' Parameter in ajax/query.slide.next.inc...

CVE-2024-30928

SQL Injection vulnerability in DerbyNet v9.0 and below allows attackers to execute arbitrary SQL commands via 'classids' Parameter in ajax/query.slide.next.inc...

DerbyNet 安全漏洞

DerbyNet is a simple code for a match broadcasting program. A SQL injection vulnerability exists in the DerbyNet classids parameter, which can be exploited to send crafted SQL statements to ajax/query.slide.next.inc scripts using the 'classids' parameter, allowing an attacker to view, add, modify...

PT-2024-23678 · Derbynet · Derbynet

Name of the Vulnerable Software and Affected Versions: DerbyNet versions 9.0 and below Description: The issue allows attackers to execute arbitrary SQL commands via the classids Parameter in the "ajax/query.slide.next.inc" endpoint. This enables attackers to manipulate database queries, potential...