CVE-2024-28145 Information

Description

An unauthenticated attacker can perform an SQL injection by accessing the /class/dbconnect.php file and supplying malicious GET parameters. The HTTP GET parameters search table field and value are vulnerable. For example one SQL injection can be performed on the parameter ield\ with the UNION keyword.

Reference

https://r.sec-consult.com/imageaccess https://www.imageaccess.de/?page=SupportPortal&lang=en