CVE-2024-44349

CRITICAL NUCLEI

AnteeoWMS < 4.7.34 - Unauthenticated SQL Injection via Login Username Parameter

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2024-44349. PoCs published by AndreaF17. A Nuclei detection template is also available.

AI-analyzed exploit summary: This repository contains a functional Python-based exploit for CVE-2024-44349, an SQL injection vulnerability in Anteeo WMS versions 4.7.x to 4.7.34. The exploit allows for database enumeration and arbitrary SQL query execution via crafted input in the username parameter.

Description

A SQL injection vulnerability in the login portal of AnteeoWMS before v4.7.34 allows unauthenticated attackers to execute arbitrary SQL commands via the username parameter and to disclose some data in the underlying DB.

Exploits (1)

nomisec WORKING POC
by AndreaF17 · poc
https://github.com/AndreaF17/PoC-CVE-2024-44349

Classification: Working PoC 95%
Attack Type: SQLi
Complexity: Moderate
Reliability: Reliable
Target: Anteeo WMS v4.7.x to v4.7.34
No auth needed
Prerequisites: Network access to the target Anteeo WMS instance
devstral-2 · analyzed Feb 19, 2026

Nuclei Templates (1)

AnteeoWMS < v4.7.34 - SQL Injection
CRITICAL · VERIFIED · by iamnoooob, rootxharsh, pdresearch
Shodan: html:"ANTEEO"

Scores

CVSS v3: 9.8
EPSS: 0.0562
EPSS Percentile: 91.9%
Attack Vector: NETWORK
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

CISA SSVC

Vulnrichment
Exploitation: poc
Automatable: yes
Technical Impact: total

Details

CWE: CWE-89
Status: published
Published: Oct 08, 2024
Tracked Since: Feb 18, 2026