CVE-2024-8308 MEDIUM

CVE-2024-8308: Siempelkamp: SQL injection due to improper handling of HTTP request input data

Vendor Siempelkamp
Product UmweltOffice
Weakness CWE-89 · SQLi
Published November 28, 2024
Last update November 29, 2024

CVSS base score

6.5/10
Attack vector Network
Attack complexity Low
Privileges required Low
User interaction None
Confidentiality High
Integrity None

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

What the vulnerability does

01 Description

A low-privileged remote attacker can inject SQL into the web application because HTTP request input data is handled improperly, which allows the attacker to exfiltrate all data.

Key dates

02 Disclosure timeline

November 28, 2024 CVE published
November 29, 2024 Record updated