SQL Injection Vulnerability in DataLife Engine
CVE-2024-37699

Currently unrated

Key Information:

Vendor: DataLife Engine
Vendor: CVE Published:; 20 June 2024

What is CVE-2024-37699?

A critical vulnerability has been identified in DataLife Engine versions 17.1 and earlier, exposing users to SQL Injection attacks within the dboption component. This flaw allows unauthorized access to databases, potentially manipulating or extracting sensitive information. Attackers can exploit this vulnerability to execute arbitrary SQL commands, compromising the database's integrity and confidentiality. Users and administrators of affected versions are urged to evaluate their configurations and apply necessary updates to mitigate this security risk.

References

https://exploit.az/threads/datalife-engine-dle-sql-inyeks...

https://dle-news.ru/pressrelease/1909-datalife-engine-v17...

https://exploit.az/threads/datalife-engine-dle-sql-inyeks...

Timeline

Vulnerability published
Jun 20, 2024