SQL Injection Vulnerability Affects Media Library Folders
CVE-2024-30486
8.5HIGH
Summary
An SQL Injection vulnerability exists in Max Foundry Media Library Folders, affecting versions from n/a to 8.1.7. This flaw occurs due to improper neutralization of special elements within SQL commands, potentially allowing malicious actors to execute arbitrary SQL queries. Exploitation of this vulnerability can lead to unauthorized data access, data manipulation, and potentially full system compromise if not mitigated. It's crucial for users to update to the latest version to address this security issue.
Affected Version(s)
Media Library Folders <= 8.1.7
References
CVSS V3.1
Score:
8.5
Severity:
HIGH
Confidentiality:
High
Integrity:
None
Availability:
High
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
Low
User Interaction:
None
Scope:
Changed
Timeline
Vulnerability published
Vulnerability Reserved
Credit
Le Ngoc Anh (Patchstack Alliance)