SQL Injection Vulnerability in NASA Earth Observing System MODAPS
CVE-2024-46636

9.4CRITICAL

Key Information:

Vendor: NASA
Status: Earth Observing System Data and Information System (EOSDIS) MODAPS
Vendor: CVE Published:; 27 April 2026

Badges

👾 Exploit Exists🟡 Public PoC

What is CVE-2024-46636?

The NASA Earth Observing System Data and Information System (EOSDIS) MODAPS v8.1 has been identified to be vulnerable to SQL injection through the category parameter. This flaw allows malicious actors to manipulate SQL queries by injecting arbitrary code, potentially leading to unauthorized access to sensitive data. It is crucial for organizations using this system to assess their exposure and implement necessary security measures to mitigate the risks associated with this vulnerability.

Exploit Proof of Concept (PoC)

PoC code is written by security researchers to demonstrate the vulnerability can be exploited. PoC code is also a key component for weaponization which could lead to ransomware.

CVE-2024-46636-SQLi-MODAPS
Created by NU1L0

References

https://www.linkedin.com/in/abdulrahman-aldossary-842b6b26b/

https://bugcrowd.com/Xnu11

https://github.com/NU1L0/CVE-2024-46636-SQLi-MODAPS

CVSS V3.1

Score:

9.4

Severity:

CRITICAL

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Apr 27, 2026
🟡
Public PoC available
Apr 22, 2026
👾
Exploit known to exist
Apr 22, 2026
Vulnerability Reserved
Sep 11, 2024

CVE-2024-46636 Data

JSON