pointedsec/CVE-2024-44541

Releases0

This repository details a SQL Injection vulnerability in Inventio Lite v4's, including exploitation steps and a Python script to automate the attack. It provides information on the vulnerable code, recommended fixes, and how to extract and decrypt administrative credentials.

CVE History

CVE	Published	CVSS v3	CVSS v2
CVE-2024-44541 ↗	Sep 11, 2024Wednesday, 11 September 2024, 19:15	9.8 CRITICAL	—
evilnapsis Inventio Lite Versions v4 and before is vulnerable to SQL Injection via the "username" parameter in "/?action=processlogin."