Security Advisory

CVE-2024-28145

CVE vulnerability detail — eXtreme Datacenter Security Operations

Published 2024-12-12 13:36:34

Last updated 2025-11-03 21:54:31

Assigner SEC-VLab

State PUBLISHED

Description

An unauthenticated attacker can perform an SQL injection by accessing the /class/dbconnect.php file and supplying malicious GET parameters. The HTTP GET parameters search, table, field, and value are vulnerable. For example, one SQL injection can be performed on the parameter "field" with the UNION keyword.

← Browse all CVEs View on cve.org ↗