A vulnerability was found in master-nan Sweet-CMS up to 5f441e022b8876f07cde709c77b5be6d2f262e3f. It has been declared as critical. This vulnerability affects unknown code of the file /table/index. The manipulation leads to sql injection. The attack can be initiated remotely. This product is using a rolling release to provide continious delivery. Therefore, no version details for affected nor updated releases are available. The name of the patch is 146359646a5a90cb09156dbd0013b7df77f2aa6c. It is recommended to apply a patch to fix this issue.
References
Link | Resource |
---|---|
https://github.com/master-nan/sweet-cms/commit/146359646a5a90cb09156dbd0013b7df77f2aa6c | Patch |
https://github.com/master-nan/sweet-cms/issues/1 | Exploit Issue Tracking |
https://github.com/master-nan/sweet-cms/issues/2 | Exploit Issue Tracking |
https://vuldb.com/?ctiid.276208 | Permissions Required |
https://vuldb.com/?id.276208 | Third Party Advisory VDB Entry |
https://vuldb.com/?submit.398803 | Exploit Third Party Advisory VDB Entry |
Configurations
History
03 Sep 2024, 14:23
Type | Values Removed | Values Added |
---|---|---|
CPE | cpe:2.3:a:master-nan:sweet-cms:*:*:*:*:*:*:*:* | |
Summary |
|
|
First Time |
Master-nan
Master-nan sweet-cms |
|
CVSS |
v2 : v3 : |
v2 : 6.5
v3 : 9.8 |
References | () https://github.com/master-nan/sweet-cms/commit/146359646a5a90cb09156dbd0013b7df77f2aa6c - Patch | |
References | () https://github.com/master-nan/sweet-cms/issues/1 - Exploit, Issue Tracking | |
References | () https://github.com/master-nan/sweet-cms/issues/2 - Exploit, Issue Tracking | |
References | () https://vuldb.com/?ctiid.276208 - Permissions Required | |
References | () https://vuldb.com/?id.276208 - Third Party Advisory, VDB Entry | |
References | () https://vuldb.com/?submit.398803 - Exploit, Third Party Advisory, VDB Entry |
30 Aug 2024, 12:15
Type | Values Removed | Values Added |
---|---|---|
New CVE |
Information
Published : 2024-08-30 12:15
Updated : 2024-09-03 14:23
NVD link : CVE-2024-8332
Mitre link : CVE-2024-8332
CVE.ORG link : CVE-2024-8332
JSON object : View
Products Affected
master-nan
- sweet-cms
CWE
CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')