CVE-2024-44349

CRITICAL NUCLEI

AnteeoWMS <4.7.34 - SQL Injection

Title source: llm

Description

A SQL injection vulnerability in login portal in AnteeoWMS before v4.7.34 allows unauthenticated attackers to execute arbitrary SQL commands via the username parameter and disclosure of some data in the underlying DB.

Exploits (1)

nomisec WORKING POC

by AndreaF17 · poc

https://github.com/AndreaF17/PoC-CVE-2024-44349

View Code ZIP pw:eip

Nuclei Templates (1)

AnteeoWMS < v4.7.34 - SQL Injection

CRITICALVERIFIEDby iamnoooob,rootxharsh,pdresearch

Shodan: html:"ANTEEO"

References (3)

[Various Sources] https://blog.cybergon.com/posts/cve-2024-44349/

[Various Sources] https://cybergon.com/

[Various Sources] https://github.com/AndreaF17/PoC-CVE-2024-44349

Scores

CVSS v3 9.8

EPSS 0.7620

EPSS Percentile 98.9%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Details

CWE

CWE-89

Status published

Published Oct 08, 2024

Tracked Since Feb 18, 2026