SQL Injection Vulnerability in LyLme_spage Web Application
CVE-2024-9788

7.2HIGH

Key Information:

Vendor

LyLme

Status
Lylme Spage
Vendor
CVE Published:
10 October 2024

Badges

๐Ÿ‘พ Exploit Exists

What is CVE-2024-9788?

A severe SQL injection vulnerability has been identified in the LyLme_spage web application, specifically affecting version 1.9.5. The vulnerability arises from improper handling of input parameters in the /admin/tag.php file, allowing attackers to manipulate the 'id' argument. This exploitation could enable unauthorized access to the underlying database, potentially exposing sensitive data or facilitating further attacks. The flaw can be exploited remotely, making it critical for system administrators to apply necessary updates or patch the affected software. Despite early disclosure of this vulnerability to the vendor, no response has been recorded, raising concerns about the urgency for remediation.

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.

Remediate biological technical debt. Prime Ageing uses 95% high-purity SIRT6 activation to maintain genomic integrity and bolster systemic resilience.

Deploy the Patch

Affected Version(s)

LyLme_spage 1.9.5

References

https://vuldb.com/?id.279940
vdb-entrytechnical-description
https://vuldb.com/?ctiid.279940
signaturepermissions-required
https://vuldb.com/?submit.414574
third-party-advisory

CVSS V3.1

Score:
7.2
Severity:
HIGH
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
High
User Interaction:
None
Scope:
Unchanged

Timeline

  • ๐ŸŸก

    Public PoC available

  • ๐Ÿ‘พ

    Exploit known to exist

  • Vulnerability published

  • Vulnerability Reserved

Credit

wiki (VulDB User)
JSON
.