SQL Injection Vulnerability in Pear Admin Boot System
CVE-2024-6266

9.8CRITICAL

Key Information:

Vendor: Pear Admin Boot up
Status: Pear Admin Boot
Vendor: CVE Published:; 23 June 2024

🔔 Create Pear Admin Boot up Vulnerability Alert

What is CVE-2024-6266?

A critical SQL injection vulnerability has been identified in Pear Admin Boot, particularly in the loadDictItem function located in the /system/dictData directory. This security flaw permits attackers to exploit the application remotely, leading to unauthorized access and potential data breaches. The issue affects Pear Admin Boot version 2.0.2 and prior versions. As this vulnerability has been publicly disclosed, organizations using affected versions are strongly advised to apply patches and implement security measures to mitigate potential risks. Continuous monitoring and threat assessment are recommended to safeguard sensitive data against potential exploitation.

References

https://vuldb.com/?id.269478

https://vuldb.com/?ctiid.269478

https://gitee.com/pear-admin/Pear-Admin-Boot/issues/IA5K2M

CVSS V3.1

Score:

9.8

Severity:

CRITICAL

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Jun 23, 2024