How severe is CVE-2024-9294?

This vulnerability has a severity rating of MEDIUM with a CVSS score of 6.3 out of 10.

What type of vulnerability is CVE-2024-9294?

This is classified as CWE-89, which is a common weakness in software security.

CVE-2024-9294 - MEDIUM Severity | CVSS 6.3

Vulnerability Description

A vulnerability, which was classified as critical, has been found in dingfanzu CMS up to 29d67d9044f6f93378e6eb6ff92272217ff7225c. Affected by this issue is some unknown functionality of the file saveNewPwd.php. The manipulation of the argument username leads to sql injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. Continious delivery with rolling releases is used by this product. Therefore, no version details of affected nor updated releases are available.

Related Vulnerabilities

CVE-2005-4349

MEDIUM

CVSS:6.3(Medium)

SQL injection vulnerability in server_privileges.php in phpMyAdmin 2.7.0 allows remote authenticated users to execute arbitrary SQL commands via the (1) dbname and (2) checkprivs parameters. NOTE: the...

CWE-892005

CVE-2012-3336

MEDIUM

CVSS:6.3(Medium)

IBM InfoSphere Guardium 8.0, 8.01, and 8.2 is vulnerable to SQL injection. A remote authenticated attacker could send specially-crafted SQL statements to multiple scripts, which could allow the attack...

CWE-892012

CVE-2015-7791

MEDIUM

CVSS:6.3(Medium)

Multiple SQL injection vulnerabilities in admin.php in the Collne Welcart plugin before 1.5.3 for WordPress allow remote authenticated users to execute arbitrary SQL commands via the (1) search[column...

CWE-892015

CVE-2016-2301

MEDIUM

CVSS:6.3(Medium)

SQL injection vulnerability in Ecava IntegraXor before 5.0 build 4522 allows remote authenticated users to execute arbitrary SQL commands via unspecified vectors.

CWE-892016

CVE-2016-5939

MEDIUM

CVSS:6.3(Medium)

IBM Kenexa LMS on Cloud is vulnerable to SQL injection. A remote attacker could send specially-crafted SQL statements, which could allow the attacker to view, add, modify or delete information in the ...

CWE-892016

CVE-2017-1722

MEDIUM

CVSS:6.3(Medium)

IBM Security QRadar SIEM 7.2 and 7.3 is vulnerable to SQL injection. A remote attacker could send specially-crafted SQL statements, which could allow the attacker to view, add, modify or delete inform...

CWE-892017