CVE-2024-50584

CVE-2024-50584: SQL Injection

Vendor Image Access Gmbh
Product Scan2Net
Weakness CWE-89 · SQLi
Published December 12, 2024
Last update November 3, 2025

CVSS base score

What the vulnerability does

01Description

An authenticated attacker with the user/role "Poweruser" can perform an SQL injection by accessing the /class/template_io.php file and supplying malicious GET parameters. The "templates" parameter is vulnerable against blind boolean-based SQL injection attacks. SQL syntax must be injected into the JSON syntax of the templates parameter.

Key dates

02Disclosure timeline

December 12, 2024 CVE published
November 3, 2025 Record updated