SQL Injection Vulnerabilities Affecting SportsNET's Version 4.0.1

CVE-2024-29731

9.8CRITICAL

Key Information

Vendor: Sportsnet
Status: Sportsnet
Vendor: CVE Published:; 29 August 2024

Summary

SQL injection vulnerabilities in SportsNET affecting version 4.0.1. These vulnerabilities could allow an attacker to retrieve, update and delete all information in the database by sending a specially crafted SQL query: https://XXXXXXX.saludydesafio.com/app/ax/checkBlindFields/ , parameters idChallenge and idEmpresa.

Affected Version(s)

SportsNET = 4.0.1

CVSS V3.1

Score:

9.8

Severity:

CRITICAL

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published.
Aug 29, 2024
Vulnerability Reserved.
Mar 19, 2024

Collectors

NVD DatabaseMitre Database

Credit

https://www.incibe.es/incibe-cert/alerta-temprana/avisos/multiples-vulnerabilidades-en-sportsnet