How severe is CVE-2024-34472?

This vulnerability has a severity rating of MEDIUM with a CVSS score of 5.9 out of 10.

What type of vulnerability is CVE-2024-34472?

This is classified as CWE-89, which is a common weakness in software security.

CVE-2024-34472 - MEDIUM Severity | CVSS 5.9

Vulnerability Description

An issue was discovered in HSC Mailinspector 5.2.17-3 through v.5.2.18. An authenticated blind SQL injection vulnerability exists in the mliRealtimeEmails.php file. The ordemGrid parameter in a POST request to /mailinspector/mliRealtimeEmails.php does not properly sanitize input, allowing an authenticated attacker to execute arbitrary SQL commands, leading to the potential disclosure of the entire application database.

Related Vulnerabilities

CVE-2020-4035

MEDIUM

CVSS:5.9(Medium)

In WatermelonDB (NPM package "@nozbe/watermelondb") before versions 0.15.1 and 0.16.2, a maliciously crafted record ID can exploit a SQL Injection vulnerability in iOS adapter implementation and cause...

CWE-892020

CVE-2020-5725

MEDIUM

CVSS:5.9(Medium)

The Grandstream UCM6200 series before 1.0.20.22 is vulnerable to an SQL injection via the HTTP server's websockify endpoint. A remote unauthenticated attacker can invoke the login action with a crafte...

CWE-892020

CVE-2021-36348

MEDIUM

CVSS:5.9(Medium)

iDRAC9 versions prior to 5.00.20.00 contain an input injection vulnerability. A remote authenticated malicious user with low privileges may potentially exploit this vulnerability to cause information ...

CWE-892021

CVE-2021-37806

MEDIUM

CVSS:5.9(Medium)

An SQL Injection vulnerability exists in https://phpgurukul.com Vehicle Parking Management System affected version 1.0. The system is vulnerable to time-based SQL injection on multiple endpoints. Base...

CWE-892021

CVE-2021-37808

MEDIUM

CVSS:5.9(Medium)

SQL Injection vulnerabilities exist in https://phpgurukul.com News Portal Project 3.1 via the (1) category, (2) subcategory, (3) sucatdescription, and (4) username parameters, the server response is a...

CWE-892021

CVE-2022-2142

MEDIUM

CVSS:5.9(Medium)

The affected product is vulnerable to a SQL injection with high attack complexity, which may allow an unauthorized attacker to disclose information.

CWE-892022