CVE-2024-22856

EUVD-2024-20386
A SQL injection vulnerability via the Save Favorite Search function in Axefinance Axe Credit Portal >= v.3.0 allows authenticated attackers to execute unintended queries and disclose sensitive information from DB tables via crafted requests.
SQL Injection
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
5.4 MEDIUM
NETWORK
LOW
LOW
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N
Base Score
CVSS 3.x
EPSS Score
Percentile: 25%
Early Detection
Affected products identified ahead of NVD analysis through intelligence sources.
VendorProductVersionSource
axefinanceaxe_credit_portal
𝑥
≤ 3.0
ADP
Common Weakness Enumeration
References
https://www.4rth4s.xyz/2024/04/cve-2024-22856-authenticated-blind-sql.html
https://www.4rth4s.xyz/2024/04/cve-2024-22856-authenticated-blind-sql.html