CVE-2024-28145

CVE-2024-28145: Unauthenticated SQL Injection

Vendor Image Access Gmbh

Product Scan2Net

Weakness CWE-89 · SQLi

Published December 12, 2024

Last update November 3, 2025

View on NVD All CVEs

CVSS base score

—

What the vulnerability does

01Description

An unauthenticated attacker can perform an SQL injection by accessing the /class/dbconnect.php file and supplying malicious GET parameters. The HTTP GET parameters search, table, field, and value are vulnerable. For example, one SQL injection can be performed on the parameter "field" with the UNION keyword.

Key dates

02Disclosure timeline

December 12, 2024 CVE published

November 3, 2025 Record updated

External resources

03References

NVD — National Vulnerability Database https://nvd.nist.gov/vuln/detail/CVE-2024-28145 CWE — Common Weakness Enumeration https://cwe.mitre.org/data/definitions/89.html

Related vulnerabilities

04Related CVE

CVE-2022-0788 WP Fundraising Donation and Crowdfunding Platform < 1.5.0 - Unauthenticated SQLi CVE-2023-1039 SourceCodester Class and Exam Timetabling System POST Parameter index3.php sql injection CVE-2023-53926 PHPJabbers Simple CMS 5.0 SQL Injection via Column Parameter CVE-2026-7392 SourceCodester Pharmacy Sales and Inventory System ajax.php delete_supplier sql injection CVE-2025-12238 code-projects Automated Voting System user.php sql injection