CVE-2024-51962

CRITICAL Year: 2024
CVSS v3 Score
9.6
Critical
Weakness Type
CWE-89
View all →

Vulnerability Description

A SQL injection vulnerability in ArcGIS Server allows an EDIT operation to modify Column properties allowing for the execution of a SQL Injection by a remote authenticated user with elevated (non admin) privileges. There is a high impact to integrity and confidentiality and no impact to availability.

Related Vulnerabilities

CVE-2022-0153

CRITICAL
CVSS:9.6(Critical)

SQL Injection in GitHub repository forkcms/forkcms prior to 5.11.1.

CWE-892022

CVE-2022-1883

CRITICAL
CVSS:9.6(Critical)

SQL Injection in GitHub repository camptocamp/terraboard prior to 2.2.0.

CWE-892022

CVE-2023-39336

CRITICAL
CVSS:9.6(Critical)

An unspecified SQL Injection vulnerability in Ivanti Endpoint Manager released prior to 2022 SU 5 allows an attacker with access to the internal network to execute arbitrary SQL queries and retrieve o...

CWE-892023

CVE-2024-29822

CRITICAL
CVSS:9.6(Critical)

An unspecified SQL Injection vulnerability in Core server of Ivanti EPM 2022 SU5 and prior allows an unauthenticated attacker within the same network to execute arbitrary code.

CWE-892024

CVE-2024-29823

CRITICAL
CVSS:9.6(Critical)

An unspecified SQL Injection vulnerability in Core server of Ivanti EPM 2022 SU5 and prior allows an unauthenticated attacker within the same network to execute arbitrary code.

CWE-892024

CVE-2024-29824

CRITICAL
CVSS:9.6(Critical)

An unspecified SQL Injection vulnerability in Core server of Ivanti EPM 2022 SU5 and prior allows an unauthenticated attacker within the same network to execute arbitrary code.

CWE-892024