{"resultsPerPage":1,"startIndex":0,"totalResults":1,"format":"NVD_CVE","version":"2.0","timestamp":"2026-04-17T01:03:01.763","vulnerabilities":[{"cve":{"id":"CVE-2024-28145","sourceIdentifier":"551230f0-3615-47bd-b7cc-93e92e730bbf","published":"2024-12-12T14:15:22.467","lastModified":"2026-04-15T00:35:42.020","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"An unauthenticated attacker can perform an SQL injection by accessing the /class/dbconnect.php file and supplying malicious GET parameters. The HTTP GET parameters search, table, field, and value are vulnerable. For example, one SQL injection can be performed on the parameter \"field\" with the UNION keyword."},{"lang":"es","value":"Un atacante no autenticado puede realizar una inyección SQL accediendo al archivo /class/dbconnect.php y suministrando parámetros GET maliciosos. Los parámetros HTTP GET search, table, field y value son vulnerables. Por ejemplo, se puede realizar una inyección SQL en el parámetro \"field\" con la palabra clave UNION."}],"metrics":{"cvssMetricV31":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L","baseScore":5.9,"baseSeverity":"MEDIUM","attackVector":"LOCAL","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"LOW","integrityImpact":"LOW","availabilityImpact":"LOW"},"exploitabilityScore":2.5,"impactScore":3.4}]},"weaknesses":[{"source":"551230f0-3615-47bd-b7cc-93e92e730bbf","type":"Secondary","description":[{"lang":"en","value":"CWE-89"}]}],"references":[{"url":"https://r.sec-consult.com/imageaccess","source":"551230f0-3615-47bd-b7cc-93e92e730bbf"},{"url":"https://www.imageaccess.de/?page=SupportPortal&lang=en","source":"551230f0-3615-47bd-b7cc-93e92e730bbf"},{"url":"http://seclists.org/fulldisclosure/2024/Dec/2","source":"af854a3a-2127-422b-91ae-364da2661108"}]}}]}