CVE-2024-48509

Learning with Texts (LWT) 2.0.3 is vulnerable to SQL Injection. This occurs when the application fails to properly sanitize user inputs, allowing attackers to manipulate SQL queries by injecting malicious SQL statements into URL parameters. By exploiting this vulnerability, an attacker could gain unauthorized access to the database, retrieve sensitive information, modify or delete data, and execute arbitrary commands.

CVSS v3 9.8 CRITICAL

9.8^/10

CVSS v3 : CRITICAL

Vector :

Exploitability : 3.9 / Impact : 5.9

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required NONE

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact HIGH

Availability Impact HIGH

Scope UNCHANGED

References

Link	Resource
https://medium.com/%40ChadSecurity/the-cve-2024-48509-vulnerability-overview-df58a6be6864	Third Party Advisory

Configurations

Configuration 1 (hide)

cpe:2.3:a:lang-learn-guy:learning_with_texts:2.0.3:*:*:*:*:*:*:*

History

23 Jan 2025, 16:50

Type	Values Removed	Values Added
CPE	cpe:2.3:a:learning_with_texts_project:learning_with_texts:2.0.3:::::::*	cpe:2.3:a:lang-learn-guy:learning_with_texts:2.0.3:::::::*
First Time		Lang-learn-guy learning With Texts Lang-learn-guy

Information

Published : 2024-10-21 20:15

Updated : 2025-01-23 16:50

NVD link : CVE-2024-48509

Mitre link : CVE-2024-48509

CVE.ORG link : CVE-2024-48509

JSON object : View

Products Affected

lang-learn-guy

learning_with_texts

CWE

CWE-89

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')

{"id": "CVE-2024-48509", "cveTags": [], "metrics": {"cvssMetricV31": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 9.8, "attackVector": "NETWORK", "baseSeverity": "CRITICAL", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}, "impactScore": 5.9, "exploitabilityScore": 3.9}, {"type": "Secondary", "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 9.8, "attackVector": "NETWORK", "baseSeverity": "CRITICAL", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}, "impactScore": 5.9, "exploitabilityScore": 3.9}]}, "published": "2024-10-21T20:15:14.943", "references": [{"url": "https://medium.com/%40ChadSecurity/the-cve-2024-48509-vulnerability-overview-df58a6be6864", "tags": ["Third Party Advisory"], "source": "cve@mitre.org"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-89"}]}, {"type": "Secondary", "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "description": [{"lang": "en", "value": "CWE-89"}]}], "descriptions": [{"lang": "en", "value": "Learning with Texts (LWT) 2.0.3 is vulnerable to SQL Injection. This occurs when the application fails to properly sanitize user inputs, allowing attackers to manipulate SQL queries by injecting malicious SQL statements into URL parameters. By exploiting this vulnerability, an attacker could gain unauthorized access to the database, retrieve sensitive information, modify or delete data, and execute arbitrary commands."}, {"lang": "es", "value": "Learning with Texts (LWT) 2.0.3 es vulnerable a la inyecci\u00f3n SQL. Esto ocurre cuando la aplicaci\u00f3n no logra depurar correctamente las entradas del usuario, lo que permite a los atacantes manipular las consultas SQL inyectando instrucciones SQL maliciosas en los par\u00e1metros de la URL. Al explotar esta vulnerabilidad, un atacante podr\u00eda obtener acceso no autorizado a la base de datos, recuperar informaci\u00f3n confidencial, modificar o eliminar datos y ejecutar comandos arbitrarios."}], "lastModified": "2025-01-23T16:50:03.787", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:lang-learn-guy:learning_with_texts:2.0.3:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "1C21149A-45A1-49B6-AB7D-6E30407C3D22"}], "operator": "OR"}]}], "sourceIdentifier": "cve@mitre.org"}