CVE-2024-24495
Published 2024-02-08
CVE-2024-24495: SQL Injection vulnerability in delete-tracker.php in Daily Habit Tracker v.1.0 allows a remote attacker to execute arbitrary code via crafted GET request.
Priority P262 · critical 9.8 · CVSS 3.1
AV:N / AC:L / PR:N / UI:N / S:U / C:H / I:H / A:H
EXPLOIT
EPSS: 1.33% (67.5th percentile)
Affected
1 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| remyandrade | daily_habit_tracker | — | — |
Detection & IOCs (extracted from sources)
- Alert on sqlmap User-Agent strings combined with requests to delete-tracker.php, as the PoC uses sqlmap with --technique=T (time-based blind) against this endpoint.
- The PoC was tested on Debian only; behavior on other OS/DB configurations may differ.
- The vulnerability is exploitable via a simple unauthenticated GET request with no session or authentication required, widening the attack surface.
CVSS provenance
- nvd · v3.1 · 9.8 CRITICAL · CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
- osv · 5.7 MEDIUM
OSV
intel-microcode vulnerabilities
osv·2025-05-27·CVSS 5.7
CVE-2024-28956 intel-microcode vulnerabilities
Sander Wiebing and Cristiano Giuffrida discovered that some Intel®
Processors did not properly handle data in Shared Microarchitectural
Structures during Transient Execution. An authenticated attacker could
possibly use this issue to obtain sensitive information. (CVE-2024-28956)
It was discovered that some Intel® Processors did not properly handle
prediction calculations. An authenticated attacker could possibly use this
issue to obtain sensitive information. (CVE-2024-43420, CVE-2024-45332,
CVE-2025-20623)
It was discovered that some Intel® Processors did not properly initialize
resources in the branch prediction unit. An authenticated attacker could
possibly use this issue to obtain sensitive information. (CVE-2025-20012,
CVE-2025-24495)
Michal Raviv
GHSA
GHSA-5p29-m8h2-83cg: SQL Injection vulnerability in delete-tracker
ghsa_unreviewed·2024-02-08
CVE-2024-24495 [CRITICAL] CWE-89 GHSA-5p29-m8h2-83cg: SQL Injection vulnerability in delete-tracker
SQL Injection vulnerability in delete-tracker.php in Daily Habit Tracker v.1.0 allows a remote attacker to execute arbitrary code via crafted GET request.
No detection rules found.
No writeups or analysis indexed.
Published: 2024-02-08