CVE-2024-44542

CRITICAL

Todesk 1.1 - SQL Injection

Title source: llm

Description

SQL Injection vulnerability in todesk v.1.1 allows a remote attacker to execute arbitrary code via the /todesk.com/news.html parameter.

Exploits (1)

nomisec WRITEUP
by sshipanoo · poc
https://github.com/sshipanoo/CVE-2024-44542

References (1)

Scores

CVSS v3 9.8
EPSS 0.2814
EPSS Percentile 96.5%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Details

CWE
CWE-89
Status published
Products (1)
todesk/todesk 1.1
Published Sep 18, 2024
Tracked Since Feb 18, 2026