CVE-2024-54445

Login functionality contains a blind SQL injection that can be exploited by unauthenticated attackers. Using a time-based blind SQLi technique the attacker can disclose all database contents. Account takeover is a potential outcome depending on the presence or lack thereof entries in certain database tables.

CVSS

No CVSS.

References

Link	Resource
https://www.blackduck.com/blog/cyrc-advisory-logicaldoc.html

Configurations

No configuration.

History

15 Apr 2026, 00:35

Type	Values Removed	Values Added
Summary		(es) La funcionalidad de inicio de sesión contiene una inyección SQL ciega que puede ser explotada por atacantes no autenticados. Mediante una técnica de inyección SQL ciega basada en el tiempo, el atacante puede divulgar todo el contenido de la base de datos. La apropiación de cuentas es un posible resultado, dependiendo de la presencia o ausencia de entradas en ciertas tablas de la base de datos.

14 Mar 2025, 18:15

Type	Values Removed	Values Added
New CVE

Information

Published : 2025-03-14 18:15

Updated : 2026-04-15 00:35

NVD link : CVE-2024-54445

Mitre link : CVE-2024-54445

CVE.ORG link : CVE-2024-54445

JSON object : View

Products Affected

No product.

CWE

CWE-89

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')

{"id": "CVE-2024-54445", "cveTags": [], "metrics": {"cvssMetricV40": [{"type": "Secondary", "source": "disclosure@synopsys.com", "cvssData": {"Safety": "NOT_DEFINED", "version": "4.0", "Recovery": "NOT_DEFINED", "baseScore": 8.7, "Automatable": "NOT_DEFINED", "attackVector": "NETWORK", "baseSeverity": "HIGH", "valueDensity": "NOT_DEFINED", "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", "exploitMaturity": "NOT_DEFINED", "providerUrgency": "NOT_DEFINED", "userInteraction": "NONE", "attackComplexity": "LOW", "attackRequirements": "NONE", "privilegesRequired": "NONE", "subIntegrityImpact": "NONE", "vulnIntegrityImpact": "NONE", "integrityRequirement": "NOT_DEFINED", "modifiedAttackVector": "NOT_DEFINED", "subAvailabilityImpact": "NONE", "vulnAvailabilityImpact": "NONE", "availabilityRequirement": "NOT_DEFINED", "modifiedUserInteraction": "NOT_DEFINED", "modifiedAttackComplexity": "NOT_DEFINED", "subConfidentialityImpact": "NONE", "vulnConfidentialityImpact": "HIGH", "confidentialityRequirement": "NOT_DEFINED", "modifiedAttackRequirements": "NOT_DEFINED", "modifiedPrivilegesRequired": "NOT_DEFINED", "modifiedSubIntegrityImpact": "NOT_DEFINED", "modifiedVulnIntegrityImpact": "NOT_DEFINED", "vulnerabilityResponseEffort": "NOT_DEFINED", "modifiedSubAvailabilityImpact": "NOT_DEFINED", "modifiedVulnAvailabilityImpact": "NOT_DEFINED", "modifiedSubConfidentialityImpact": "NOT_DEFINED", "modifiedVulnConfidentialityImpact": "NOT_DEFINED"}}]}, "published": "2025-03-14T18:15:30.203", "references": [{"url": "https://www.blackduck.com/blog/cyrc-advisory-logicaldoc.html", "source": "disclosure@synopsys.com"}], "vulnStatus": "Deferred", "weaknesses": [{"type": "Secondary", "source": "disclosure@synopsys.com", "description": [{"lang": "en", "value": "CWE-89"}]}], "descriptions": [{"lang": "en", "value": "Login functionality contains a blind SQL injection that can be exploited by unauthenticated attackers.\u00a0Using a time-based blind SQLi technique the attacker can disclose all database contents. Account takeover is a potential outcome depending on the presence or lack thereof entries in certain database tables."}, {"lang": "es", "value": "La funcionalidad de inicio de sesi\u00f3n contiene una inyecci\u00f3n SQL ciega que puede ser explotada por atacantes no autenticados. Mediante una t\u00e9cnica de inyecci\u00f3n SQL ciega basada en el tiempo, el atacante puede divulgar todo el contenido de la base de datos. La apropiaci\u00f3n de cuentas es un posible resultado, dependiendo de la presencia o ausencia de entradas en ciertas tablas de la base de datos."}], "lastModified": "2026-04-15T00:35:42.020", "sourceIdentifier": "disclosure@synopsys.com"}