CVE-2024-6241

MEDIUM

Pear Admin Boot <2.0.2 - SQL Injection

Title source: llm

Description

A vulnerability was found in Pear Admin Boot up to 2.0.2 and classified as critical. This issue affects the function getDictItems of the file /system/dictData/getDictItems/. The manipulation with the input ,user(),1,1 leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-269375.

Exploits (2)

References (4)

Scores

CVSS v3 6.3
EPSS 0.0022
EPSS Percentile 45.1%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L

Details

CWE
CWE-89
Status published
Products (1)
pearadmin/pear_admin_boot < 2.0.2
Published Jun 21, 2024
Tracked Since Feb 18, 2026