← back
CVE-2024-29724criticalCWE-89

Multiple vulnerabilities in SportsNET

28Vexday Risk Score

No sign of exploitation. No public exploitation artifact known so far.

ssvc Trackcvss 9.8epss 0.4%
exploitation probability
0.4%top 67% of all CVEs
observed exploitation
nono source reports it
SQL injection vulnerabilities in SportsNET affecting version 4.0.1. These vulnerabilities could allow an attacker to retrieve, update and delete all information in the database by sending a specially crafted SQL query: https://XXXXXXX.saludydesafio.com/ax/registerSp/, parameter idDesafio.
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Affected products
SportsNET · SportsNET