Critical Vulnerability in Pear Admin Boot Affects Remote Attacks

CVE-2024-6241

9.8CRITICAL

Key Information

Vendor: Pear Admin Boot
Status: Pear Admin Boot
Vendor: CVE Published:; 21 June 2024

Summary

A vulnerability was found in Pear Admin Boot up to 2.0.2 and classified as critical. This issue affects the function getDictItems of the file /system/dictData/getDictItems/. The manipulation with the input ,user(),1,1 leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-269375.

Affected Version(s)

Pear Admin Boot = 2.0.0

Pear Admin Boot = 2.0.1

Pear Admin Boot = 2.0.2

CVSS V3.1

Score:

9.8

Severity:

CRITICAL

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Timeline

Risk change from: 9.8 to: 6.3 - (MEDIUM)
Jun 28, 2024
VulDB entry last update
Jun 22, 2024
Risk change from: null to: 6.3 - (MEDIUM)
Jun 22, 2024
VulDB entry created
Jun 21, 2024
Advisory disclosed
Jun 21, 2024
Vulnerability published.
Jun 21, 2024

Collectors

NVD DatabaseMitre Database

Credit

VulDB Gitee Analyzer