A SQL injection vulnerability via the Save Favorite Search function in Axefinance Axe Credit Portal >= v.3.0 allows authenticated attackers to execute unintended queries and disclose sensitive information from DB tables via crafted requests.
Metrics
Affected Vendors & Products
References
History
Fri, 22 Nov 2024 15:15:00 +0000
Type | Values Removed | Values Added |
---|---|---|
First Time appeared |
Axefinance
Axefinance axe Credit Portal |
|
CPEs | cpe:2.3:a:axefinance:axe_credit_portal:*:*:*:*:*:*:*:* | |
Vendors & Products |
Mitre
Mitre caldera |
Axefinance
Axefinance axe Credit Portal |
Metrics |
cvssV3_1
|
cvssV3_1
|
MITRE
Status: PUBLISHED
Assigner: mitre
Published: 2024-04-22T00:00:00
Updated: 2024-11-22T14:45:52.056Z
Reserved: 2024-01-11T00:00:00
Link: CVE-2024-22856
Vulnrichment
Updated: 2024-08-01T22:51:11.098Z
NVD
Status : Awaiting Analysis
Published: 2024-04-22T12:15:07.610
Modified: 2024-11-22T15:15:05.737
Link: CVE-2024-22856
Redhat
No data.