CVE-2024-43436
Description
A flaw posing a SQL injection risk was found in the XMLDB editor tool available to site administrators.
CWE
- CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
Affected
- Affected versions: 0 up to (excluding) 4.1.12; 4.2 up to (excluding) 4.2.9; 4.3 up to (excluding) 4.3.6; 4.4 up to (excluding) 4.4.2
CVSS
- CVSS 3.1: score 7.2, severity HIGH
- Vector: CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
References
- https://bugzilla.redhat.com/show_bug.cgi?id=2304264 issue-tracking, x_refsource_REDHAT
- https://moodle.org/mod/forum/discuss.php?d=461206
Source
cvelistV5-main/cves/2024/43xxx/CVE-2024-43436.json