daffainfo
/
nuclei-templates
mirror of https://github.com/daffainfo/nuclei-templates.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

add classification & update severity

patch-4
Dhiyaneshwaran 2024-06-13 13:44:21 +05:30 committed by GitHub
parent 7a0cdac045
commit 5cf0fe249a
No known key found for this signature in database
GPG Key ID: B5690EEEBB952194
1 changed files with 8 additions and 2 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

10
http/cves/2024/CVE-2024-29824.yaml
View File

@ -3,13 +3,19 @@ id: CVE-2024-29824
info:
name: Ivanti EPM SQL Remote Code Execution via SQL Injection
author: DhiyaneshDK
severity: high
severity: critical
description: |
An unspecified SQL Injection vulnerability in Core server of Ivanti EPM 2022 SU5 and prior allows an unauthenticated attacker within the same network to execute arbitrary code.
reference:
- https://github.com/horizon3ai/CVE-2024-29824
- https://nvd.nist.gov/vuln/detail/CVE-2024-29824
- https://forums.ivanti.com/s/article/Security-Advisory-May-2024
- https://www.horizon3.ai/attack-research/attack-blogs/cve-2024-29824-deep-dive-ivanti-epm-sql-injection-remote-code-execution-vulnerability/
tags: cve,cve2024,ivanti,epm,sqli,rc
classification:
cvss-metrics: CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H
cvss-score: 9.6
cve-id: CVE-2024-29824
tags: cve,cve2024,ivanti,epm,sqli,rce
http:
- raw: