CVE-2024-54820: XOne Web Monitor v02.10.2024.530 framework 1.0.4.9 was discovered to contain a SQL injection vulnerability in the login page. This vulnerability...

9.8 CVSS

Description

XOne Web Monitor v02.10.2024.530 framework 1.0.4.9 was discovered to contain a SQL injection vulnerability in the login page. This vulnerability allows attackers to extract all usernames and passwords via a crafted input.

Classification

CVE ID: CVE-2024-54820

CVSS Base Severity: CRITICAL

CVSS Base Score: 9.8

Affected Products

Vendor: n/a

Product: n/a

Exploit Prediction Scoring System (EPSS)

EPSS Score: 0.3% (probability of being exploited)

EPSS Percentile: 50.29% (scored less or equal to compared to others)

EPSS Date: 2025-03-25 (when was this score calculated)

Stakeholder-Specific Vulnerability Categorization (SSVC)

SSVC Exploitation: poc

SSVC Technical Impact: total

SSVC Automatable: true

References

https://nvd.nist.gov/vuln/detail/CVE-2024-54820
https://xone.es/
https://github.com/jcarabantes/CVE-2024-54820

Timeline

2025-02-24 18:41:39 UTC
CVE

XOne Web Monitor v02.10.2024.530 framework 1.0.4.9 was discovered to contain a SQL injection vulnerability in the login page. This vulnerability...
2025-02-24 19:15:20 UTC
DarkWebInformer

CVE-2024-54820: Vulnerability: Unauthenticated SQL Injection - Clear Credentials Dump