CVE-2025-24490

CRITICAL Year: 2025
CVSS v3 Score
9.6
Critical
Weakness Type
CWE-89
View all →

Vulnerability Description

Mattermost versions 10.4.x <= 10.4.1, 9.11.x <= 9.11.7, 10.3.x <= 10.3.2, 10.2.x <= 10.2.2 fail to use prepared statements in the SQL query of boards reordering which allows an attacker to retrieve data from the database, via a SQL injection when reordering specially crafted boards categories.

Related Vulnerabilities

CVE-2022-0153

CRITICAL
CVSS:9.6(Critical)

SQL Injection in GitHub repository forkcms/forkcms prior to 5.11.1.

CWE-892022

CVE-2022-1883

CRITICAL
CVSS:9.6(Critical)

SQL Injection in GitHub repository camptocamp/terraboard prior to 2.2.0.

CWE-892022

CVE-2023-39336

CRITICAL
CVSS:9.6(Critical)

An unspecified SQL Injection vulnerability in Ivanti Endpoint Manager released prior to 2022 SU 5 allows an attacker with access to the internal network to execute arbitrary SQL queries and retrieve o...

CWE-892023

CVE-2024-29822

CRITICAL
CVSS:9.6(Critical)

An unspecified SQL Injection vulnerability in Core server of Ivanti EPM 2022 SU5 and prior allows an unauthenticated attacker within the same network to execute arbitrary code.

CWE-892024

CVE-2024-29823

CRITICAL
CVSS:9.6(Critical)

An unspecified SQL Injection vulnerability in Core server of Ivanti EPM 2022 SU5 and prior allows an unauthenticated attacker within the same network to execute arbitrary code.

CWE-892024

CVE-2024-29824

CRITICAL
CVSS:9.6(Critical)

An unspecified SQL Injection vulnerability in Core server of Ivanti EPM 2022 SU5 and prior allows an unauthenticated attacker within the same network to execute arbitrary code.

CWE-892024