CVE-2024-48509

{"id": "CVE-2024-48509", "cveTags": [], "metrics": {"cvssMetricV31": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 9.8, "attackVector": "NETWORK", "baseSeverity": "CRITICAL", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}, "impactScore": 5.9, "exploitabilityScore": 3.9}, {"type": "Secondary", "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 9.8, "attackVector": "NETWORK", "baseSeverity": "CRITICAL", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}, "impactScore": 5.9, "exploitabilityScore": 3.9}]}, "published": "2024-10-21T20:15:14.943", "references": [{"url": "https://medium.com/%40ChadSecurity/the-cve-2024-48509-vulnerability-overview-df58a6be6864", "tags": ["Third Party Advisory"], "source": "cve@mitre.org"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-89"}]}, {"type": "Secondary", "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "description": [{"lang": "en", "value": "CWE-89"}]}], "descriptions": [{"lang": "en", "value": "Learning with Texts (LWT) 2.0.3 is vulnerable to SQL Injection. This occurs when the application fails to properly sanitize user inputs, allowing attackers to manipulate SQL queries by injecting malicious SQL statements into URL parameters. By exploiting this vulnerability, an attacker could gain unauthorized access to the database, retrieve sensitive information, modify or delete data, and execute arbitrary commands."}, {"lang": "es", "value": "Learning with Texts (LWT) 2.0.3 es vulnerable a la inyecci\u00f3n SQL. Esto ocurre cuando la aplicaci\u00f3n no logra depurar correctamente las entradas del usuario, lo que permite a los atacantes manipular las consultas SQL inyectando instrucciones SQL maliciosas en los par\u00e1metros de la URL. Al explotar esta vulnerabilidad, un atacante podr\u00eda obtener acceso no autorizado a la base de datos, recuperar informaci\u00f3n confidencial, modificar o eliminar datos y ejecutar comandos arbitrarios."}], "lastModified": "2025-01-23T16:50:03.787", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:lang-learn-guy:learning_with_texts:2.0.3:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "1C21149A-45A1-49B6-AB7D-6E30407C3D22"}], "operator": "OR"}]}], "sourceIdentifier": "cve@mitre.org"}