CVE-2024-22856

April 22, 2024, 1:28 p.m.

None
No Score

Description

A SQL injection vulnerability via the Save Favorite Search function in Axefinance Axe Credit Portal >= v.3.0 allows authenticated attackers to execute unintended queries and disclose sensitive information from DB tables via crafted requests.

Product(s) Impacted

Product Versions
Axefinance Axe Credit Portal
  • >= v.3.0

Weaknesses

References

https://www.4rth4s.xyz/2024/04/cve-2024-22856-authenticated-blind-sql.html

Tags

Date

  • Published: April 22, 2024, 12:15 p.m.
  • Last Modified: April 22, 2024, 1:28 p.m.

Status : Awaiting Analysis

CVE has been recently published to the CVE List and has been received by the NVD.

More info

Source

cve@mitre.org

*Disclaimer: Some vulnerabilities do not have an associated CPE. To enhance the data, we use AI to infer CPEs based on CVE details. This is an automated process and might not always be accurate.