PT-2024-19588 · Unknown · Axe Credit Portal
4Rth4S
·
Published
2024-04-22
·
Updated
2024-11-22
·
CVE-2024-22856
CVSS v3.1
5.4
Medium
| Vector | AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N |
Name of the Vulnerable Software and Affected Versions
Axe Credit Portal versions 3.0 and later
Description
The issue allows authenticated attackers to execute unintended queries and disclose sensitive information from database tables via crafted requests, specifically through the Save Favorite Search function.
Recommendations
For Axe Credit Portal versions 3.0 and later, update to a version that includes a fix for this issue to prevent exploitation.
Fix
SQL injection
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Axe Credit Portal