CVE-2024-28145: CWE-89 Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') in Image Access GmbH Scan2Net
An unauthenticated attacker can perform an SQL injection by accessing the /class/dbconnect.php file and supplying malicious GET parameters. The HTTP GET parameters search, table, field, and value are vulnerable. For example, one SQL injection can be performed on the parameter "field" with the UNION keyword.
CVE-2024-28145: CWE-89 Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') in Image Access GmbH Scan2Net
Description
An unauthenticated attacker can perform an SQL injection by accessing the /class/dbconnect.php file and supplying malicious GET parameters. The HTTP GET parameters search, table, field, and value are vulnerable. For example, one SQL injection can be performed on the parameter "field" with the UNION keyword.
Technical Details
- Data Version
- 5.2
- Assigner Short Name
- SEC-VLab
- Date Reserved
- 2024-03-05T09:15:40.202Z
- Cvss Version
- 3.1
- State
- PUBLISHED
Threat ID: 69092623fe7723195e0b471a
Added to database: 11/3/2025, 10:01:07 PM
Last updated: 11/3/2025, 10:02:15 PM
Views: 1
Community Reviews
0 reviewsCrowdsource mitigation strategies, share intel context, and vote on the most helpful responses. Sign in to add your voice and help keep defenders ahead.
Want to contribute mitigation steps or threat intel context? Sign in or create an account to join the community discussion.
Related Threats
CVE-2023-6175: CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') in Wireshark Foundation Wireshark
HighCVE-2023-5992: Observable Discrepancy in Red Hat Red Hat Enterprise Linux 8
MediumCVE-2023-5676: CWE-364: Signal Handler Race Condition in Eclipse Foundation OpenJ9
MediumCVE-2023-52169: n/a
HighCVE-2023-52168: n/a
HighActions
Need enhanced features?
Contact root@offseq.com for Pro access with improved analysis and higher rate limits.