CVE-2024-8954
Published 2025-03-20
Priority: P268
Severity: critical, CVSS 3.0 base score 9.8
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
EPSS: 0.82% (52.5th percentile)
In composiohq/composio version 0.5.10, the API does not validate the value of the `x-api-key` header during the authentication step: it only checks that the header is present. An attacker can therefore bypass authentication by sending any arbitrary value in `x-api-key` and gain unauthorized access to the server.
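The failure mode described above, as an added illustrative example (not composio's code, which this page does not show): a presence-only header check beside one that actually validates the header value against a key store. The key store, the function names and the sample requests are constructed for the example.

```python
"""Presence-only vs value-validating x-api-key checks.

Illustrative code added to this page; it is not composio's implementation.
The key store, helper names and sample requests below are constructed.
"""
import hashlib
import hmac

# Constructed key store: SHA-256 digests of the valid API keys, so the
# comparison never touches a raw key kept in memory or config.
VALID_KEY_HASHES = {
    hashlib.sha256(b"k_live_example_valid_key").hexdigest(),
}


def _lookup_header(headers: dict, name: str):
    """HTTP header names are case-insensitive; normalise before lookup."""
    lowered = {k.lower(): v for k, v in headers.items()}
    return lowered.get(name.lower())


def weak_authenticate(headers: dict) -> bool:
    """Presence-only check: the bug class described for composio 0.5.10.

    Any non-empty x-api-key value is accepted; the value is never compared
    with anything, so a random string passes.
    """
    key = _lookup_header(headers, "x-api-key")
    return isinstance(key, str) and key != ""


def hardened_authenticate(headers: dict) -> bool:
    """Validate the value: hash it and compare in constant time to the store.

    Rejects a missing or empty header, and rejects any value whose digest
    does not match a known key. hmac.compare_digest avoids leaking how many
    leading characters matched through timing.
    """
    key = _lookup_header(headers, "x-api-key")
    if not isinstance(key, str) or not key:
        return False
    digest = hashlib.sha256(key.encode("utf-8")).hexdigest()
    return any(hmac.compare_digest(digest, known) for known in VALID_KEY_HASHES)


# Constructed sample requests (header dicts only), labelled by intent.
SAMPLE_REQUESTS = [
    ("valid key", {"X-Api-Key": "k_live_example_valid_key"}),
    ("random junk", {"x-api-key": "totally-made-up"}),
    ("empty value", {"x-api-key": ""}),
    ("no header", {}),
]


def bypass_report(requests):
    """Return {label: (weak_result, hardened_result)}.

    A (True, False) pair marks a request the presence-only check lets
    through that the value-validating check rejects, i.e. the bypass.
    """
    return {
        label: (weak_authenticate(headers), hardened_authenticate(headers))
        for label, headers in requests
    }


if __name__ == "__main__":
    for label, (weak, hard) in bypass_report(SAMPLE_REQUESTS).items():
        flag = "  <-- bypass" if weak and not hard else ""
        print(f"{label:12s} weak={weak!s:5s} hardened={hard!s:5s}{flag}")
```

Running the block prints one line per sample request; only "random junk" is flagged, which is the behaviour the advisory describes. The hardened check also closes the empty-string and missing-header cases, which the weak check happens to reject for the wrong reason (string non-emptiness rather than key validity).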
Affected (2 ranges)
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| composio | composio | — | — |
| composiohq | composiohq_composio | unspecified – latest | — |
Suricata
ET WEB_SPECIFIC_APPS AdaptWeb a_index.php CodigoDisciplina Parameter Remote SQL Injection
suricata · 2010-07-30 · CVE-2009-2152 [HIGH] · CVSS 7.5
Note: this signature covers CVE-2009-2152 (its milw0rm reference is exploit ID 8954); it does not detect the composio `x-api-key` bypass tracked as CVE-2024-8954.
Rule: alert http $EXTERNAL_NET any -> $HTTP_SERVERS any (msg:"ET WEB_SPECIFIC_APPS AdaptWeb a_index.php CodigoDisciplina Parameter Remote SQL Injection"; flow:established,to_server; http.method; content:"GET"; http.uri; content:"/a_index.php?"; nocase; content:"CodigoDisciplina="; nocase; content:"UNION"; nocase; content:"SELECT"; nocase; distance:0; reference:cve,CVE-2009-2152; reference:url,en.securitylab.ru/nvd/381723.php; reference:url,milw0rm.com/exploits/8954; classtype:web-application-attack; sid:2010022; rev:8; metadata:affected_product Web_Server_Applications, attack_target Web_Server, created_at 2010_07_30, deployment Datacenter, signature_severity Major, tag SQL_Injection, updated_at 2024_
No public exploits indexed.
No writeups or analysis indexed.