SQL injection vulnerabilities in SportsNET affecting version 4.0.1. These vulnerabilities could allow an attacker to retrieve, update and delete all information in the database by sending a specially crafted SQL query:  https://XXXXXXX.saludydesafio.com/app/ax/checkBlindFields/ , parameters idChallenge and idEmpresa.
History

Fri, 30 Aug 2024 16:15:00 +0000

Type Values Removed Values Added
First Time appeared Sportsnet sportsnet
CPEs cpe:2.3:a:sportsnet:sportsnet:4.0.1:*:*:*:*:*:*:*
Vendors & Products Sportsnet sportsnet

Thu, 29 Aug 2024 20:30:00 +0000

Type Values Removed Values Added
First Time appeared Sportsnet
Sportsnet sportsnetcms
CPEs cpe:2.3:a:sportsnet:sportsnetcms:4.0.1:*:*:*:*:*:*:*
Vendors & Products Sportsnet
Sportsnet sportsnetcms
Metrics ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'total'}, 'version': '2.0.3'}


Thu, 29 Aug 2024 09:30:00 +0000

Type Values Removed Values Added
Description SQL injection vulnerabilities in SportsNET affecting version 4.0.1. These vulnerabilities could allow an attacker to retrieve, update and delete all information in the database by sending a specially crafted SQL query:  https://XXXXXXX.saludydesafio.com/app/ax/checkBlindFields/ , parameters idChallenge and idEmpresa.
Title Multiple vulnerabilities in SportsNET
Weaknesses CWE-89
References
Metrics cvssV3_1

{'score': 9.8, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H'}


cve-icon MITRE

Status: PUBLISHED

Assigner: INCIBE

Published: 2024-08-29T09:20:52.101Z

Updated: 2024-08-29T13:03:18.005Z

Reserved: 2024-03-19T07:42:30.141Z

Link: CVE-2024-29731

cve-icon Vulnrichment

Updated: 2024-08-29T12:59:54.726Z

cve-icon NVD

Status : Analyzed

Published: 2024-08-29T11:15:25.760

Modified: 2024-08-30T15:49:30.047

Link: CVE-2024-29731

cve-icon Redhat

No data.