← back
CVE-2024-39250

CVE-2024-39250

CVSS 9.8 CRITICALEPSS 4.9%CWE-89
Vexday Risk Score
63High priority
SSVC decision (CISA)
Attend
PoC available → attend closely
CVSS 9.8EPSS 4.9%KEV nãoPoC públicaNuclei simMetasploit Patch
Lifecycle
13 Jul 2024Public PoC
22 Jul 2024Published on NVD
Recommendation: Plan a near-term fix — a public PoC already exists.
EfroTech Timetrax v8.3 was discovered to contain an unauthenticated SQL injection vulnerability via the q parameter in the search web interface.
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Affected products
n/a · n/a
public PoCs found1
githubgithub.com/efrann/CVE-2024-392501
⚠ Public resources, to assess the exposure of systems you control or are authorized to test. Test only with authorization.

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →
References
https://github.com/efrann/CVE-2024-39250