CVE-2024-44541

CRITICAL

evilnapsis Inventio Lite <v4 - SQL Injection

Title source: llm

Exploitation Summary

EIP tracks 2 public exploits for CVE-2024-44541. PoCs published by pointedsec.

AI-analyzed exploit summary This exploit demonstrates an error-based SQL injection in Inventio Lite 4's login process, extracting administrator credentials via blind SQLi and decrypting the password hash using a dictionary attack.

Description

evilnapsis Inventio Lite Versions v4 and before is vulnerable to SQL Injection via the "username" parameter in "/?action=processlogin."

Exploits (2)

exploitdb WORKING POC

by pointedsec · pythonwebappsphp

https://www.exploit-db.com/exploits/52263

View Code ZIP pw:eip

This exploit demonstrates an error-based SQL injection in Inventio Lite 4's login process, extracting administrator credentials via blind SQLi and decrypting the password hash using a dictionary attack.

Classification

Working Poc 95%

Attack Type

Sqli

Complexity

Moderate

Reliability

Reliable

Target: Inventio Lite < 4

No auth needed

Prerequisites: Network access to the target application · A valid wordlist for password cracking

MITRE ATT&CK

T1189 - Drive-by Compromise T1505 - Server Software Component

devstral-2 · analyzed Feb 16, 2026 Full analysis →

nomisec WORKING POC

by pointedsec · poc

https://github.com/pointedsec/CVE-2024-44541

View Code ZIP pw:eip

This repository contains a functional SQL injection exploit for CVE-2024-44541 in Inventio Lite v4, targeting the `/action=processlogin` endpoint via the `username` parameter. The Python script automates authentication bypass and data extraction, including administrator credentials.

Classification

Working Poc 95%

Attack Type

Sqli

Complexity

Moderate

Reliability

Reliable

Target: Inventio Lite v4

No auth needed

Prerequisites: Network access to the target application · Python 3.x environment

MITRE ATT&CK

T1189 - Drive-by Compromise T1505 - Server Software Component

devstral-2 · analyzed Feb 19, 2026 Full analysis →

References (2)

Core 2

Core References

Various Sources

https://github.com/evilnapsis/inventio-lite

Various Sources

https://github.com/pointedsec/CVE-2024-44541/

View Writeup ZIP pw:eip

Scores

CVSS v3 9.8

EPSS 0.0259

EPSS Percentile 83.3%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

CISA SSVC

Vulnrichment

Exploitation poc

Automatable yes

Technical Impact total

Details

CWE

CWE-89

Status published

Published Sep 11, 2024

Tracked Since Feb 18, 2026