CVE-2024-29726 Information

Aug 30, 2024 cve

Description

SQL injection vulnerabilities in SportsNET affecting version 4.0.1. These vulnerabilities could allow an attacker to retrieve update and delete all information in the database by sending a specially crafted SQL query: https://XXXXXXX.saludydesafio.com/app/ax/setAsRead/ parameter id.

Reference

https://www.incibe.es/en/incibe-cert/notices/aviso/multiple-vulnerabilities-sportsnet

Share on: