CVE-2024-29386

2024-04-0400:00:00

mitre

github.com

projeqtor

sql injection

critical resource.

AI Score

8.3

Confidence

High

SSVC

Exploitation

poc

Automatable

Technical Impact

partial

JSON

projeqtor up to 11.2.0 was discovered to contain a SQL injection vulnerability via the component /view/criticalResourceExport.php.

ADP Affected

[
  {
    "cpes": [
      "cpe:2.3:a:projeqtor:projeqtor:*:*:*:*:*:*:*:*"
    ],
    "vendor": "projeqtor",
    "product": "projeqtor",
    "versions": [
      {
        "status": "affected",
        "version": "0",
        "lessThan": "11.2.0",
        "versionType": "custom"
      }
    ],
    "defaultStatus": "unknown"
  }
]

References

cve.anas-cherni.me/2024/04/04/cve-2024-29386/