CVE-2024-43145SQL Injection in Geodirectory

CWE-89SQL Injection3 documents3 sources
Severity
8.8HIGHNVD
CNA8.5
EPSS
0.5%
top 33.21%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
Ayecode GeodirectoryAyecode LTD Geodirectory
Timeline
PublishedAug 18
Latest updateAug 19

Description

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in AyeCode Ltd GeoDirectory.This issue affects GeoDirectory: from n/a through 2.3.61.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:HExploitability: 2.8 | Impact: 5.9

Affected Packages2 packages

NVDayecode/geodirectory< 2.3.62
CVEListV5ayecode_ltd/geodirectoryn/a2.3.61

🔴Vulnerability Details

2
GHSA
GHSA-fhjf-8266-gqfg: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in AyeCode Ltd GeoDirectory2024-08-19
CVEList
WordPress GeoDirectory plugin <= 2.3.61 - SQL Injection vulnerability2024-08-18
CVE-2024-43145 — SQL Injection in Ayecode Geodirectory | cvebase