CVE-2024-48573

CRITICAL

Aquila-cms Aquilacms < 1.409.20 - SQL Injection

Title source: rule

Description

A NoSQL injection vulnerability in AquilaCMS 1.409.20 and prior allows unauthenticated attackers to reset user and administrator account passwords via the "Reset password" feature.

Exploits (1)

exploitdb WORKING POC

by Eui Chul Chung · pythonwebappsphp

https://www.exploit-db.com/exploits/52164

View Code ZIP pw:eip

References (1)

[Third Party Advisory] https://github.com/dos-m0nk3y/CVE/tree/main/CVE-2024-48573

Scores

CVSS v3 9.8

EPSS 0.0042

EPSS Percentile 61.8%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Details

CWE

CWE-89

Status published

Products (1)

aquila-cms/aquilacms < 1.409.20

Published Oct 29, 2024

Tracked Since Feb 18, 2026