CVE-2024-30490
Published 2024-03-29
Priority P266 · critical · 9.8 (CVSS 3.1)
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
EXPLOIT
EPSS: 2.27% (80.8th percentile)
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Metagauss ProfileGrid. This issue affects ProfileGrid: from n/a through 5.7.8.
Affected
2 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| metagauss | profilegrid | < 5.7.9 | 5.7.9 |
| metagauss | profilegrid | n/a – 5.7.8 | — |
Detection & IOCs
other: ProfileGrid =7'
- ProfileGrid WordPress plugin versions up to and including 5.7.8 are affected by the SQL injection vulnerability (CVE-2024-30490); payloads likely manipulate group-related query parameters.
- The nuclei/detection template digest should be verified against the canonical template repository before deployment, as the source URL for the template document was not provided.
- The SQL injection affects all ProfileGrid versions from n/a through 5.7.8; versions above 5.7.8 are not confirmed vulnerable per the NVD advisory.
No detection rules found.
Nuclei
ProfileGrid <= 5.7.8 - SQL Injection
nuclei·CVSS 9.8
CVE-2024-30490 [CRITICAL] ProfileGrid <= 5.7.8 - SQL Injection
ProfileGrid =7'
- 'contains_all(body, "No group matches found.", "pm-")'
- 'status_code == 200'
condition: and
# digest: 4b0a0048304602210097effcdfe8b30a5ae811036a6cba97a10debe6364e111a079bf83c5371dc62a2022100f9b8b72398e0ff222681f69ba37f6e7c9f77e24f78a52bf253f3a9ca9030d845:922c64590222798bb761d5b6d8e72950
No writeups or analysis indexed.
https://patchstack.com/database/vulnerability/profilegrid-user-profiles-groups-and-communities/wordpress-profilegrid-plugin-5-7-8-sql-injection-vulnerability?_s_id=cve
Published: 2024-03-29