CVE-2024-1301

CRITICAL

Badger Meter Monitool < 4.7 - SQL Injection via j_username Parameter

Title source: llm
STIX 2.1

Exploitation Summary

EIP tracks 1 public exploit for CVE-2024-1301. PoCs published by guillermogm4.

AI-analyzed exploit summary This repository provides a detailed technical analysis of CVE-2024-1301, a SQL injection vulnerability in Badgermeter moni tool version 4.6.3. It includes proof of concept payloads and screenshots demonstrating blind SQL injection techniques to exploit the vulnerability in the j_username parameter.

Description

SQL injection vulnerability in Badger Meter Monitool affecting versions 4.6.3 and earlier. A remote attacker could send a specially crafted SQL query to the server via the j_username parameter and retrieve the information stored in the database.

Exploits (1)

nomisec WRITEUP
by guillermogm4 · poc
https://github.com/guillermogm4/CVE-2024-1301---Badgermeter-moni-tool-SQL-Injection

This repository provides a detailed technical analysis of CVE-2024-1301, a SQL injection vulnerability in Badgermeter moni tool version 4.6.3. It includes proof of concept payloads and screenshots demonstrating blind SQL injection techniques to exploit the vulnerability in the j_username parameter.

Classification
Writeup 90%
Attack Type
Sqli
Complexity
Moderate
Reliability
Reliable
Target: Badgermeter moni tool version 4.6.3
No auth needed
Prerequisites: Network access to the target system · Knowledge of SQL injection techniques
devstral-2 · analyzed Feb 18, 2026 Full analysis →

References (1)

Core 1

Scores

CVSS v3 9.8
EPSS 0.0216
EPSS Percentile 79.9%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

CISA SSVC

Vulnrichment
Exploitation none
Automatable yes
Technical Impact total

Details

CWE
CWE-89
Status published
Products (1)
badgermeter/monitool < 4.7
Published Mar 12, 2024
Tracked Since Feb 18, 2026