How severe is CVE-2024-12832?

This vulnerability has a severity rating of HIGH with a CVSS score of 8.3 out of 10.

What type of vulnerability is CVE-2024-12832?

This is classified as CWE-89, which is a common weakness in software security.

CVE-2024-12832 - HIGH Severity | CVSS 8.3

Vulnerability Description

Arista NG Firewall ReportEntry SQL Injection Arbitrary File Read and Write Vulnerability. This vulnerability allows remote attackers to create arbitrary files and disclose sensitive information on affected installations of Arista NG Firewall. Authentication is required to exploit this vulnerability. The specific flaw exists within the ReportEntry class. The issue results from the lack of proper validation of a user-supplied string before using it to construct SQL queries. An attacker can leverage this in conjunction with other vulnerabilities to execute arbitrary code in the context of the www-data user. Was ZDI-CAN-24325.

Related Vulnerabilities

CVE-2019-20361

HIGH

CVSS:8.3(High)

There was a flaw in the WordPress plugin, Email Subscribers & Newsletters before 4.3.1, that allowed SQL statements to be passed to the database in the hash parameter (a blind SQL injection vulnerabil...

CWE-892019

CVE-2022-0224

HIGH

CVSS:8.3(High)

dolibarr is vulnerable to Improper Neutralization of Special Elements used in an SQL Command

CWE-892022

CVE-2022-0258

HIGH

CVSS:8.3(High)

pimcore is vulnerable to Improper Neutralization of Special Elements used in an SQL Command

CWE-892022

CVE-2022-33147

HIGH

CVSS:8.3(High)

A sql injection vulnerability exists in the ObjectYPT functionality of WWBN AVideo 11.6 and dev master commit 3f7c0364. A specially-crafted HTTP request can lead to a SQL injection. An attacker can se...

CWE-892022

CVE-2022-33148

HIGH

CVSS:8.3(High)

CWE-892022

CVE-2022-33149

HIGH

CVSS:8.3(High)

CWE-892022