cve/2024/CVE-2024-7456.md
2025-09-29 21:09:30 +02:00

CVE-2024-7456

Description

A SQL injection vulnerability exists in the /api/v1/external-users route of lunary-ai/lunary version v1.4.2. The ORDER BY clause of the SQL query is passed through sql.unsafe without prior sanitization, allowing SQL injection. The orderByClause variable is built from request input without server-side validation or sanitization, so an attacker can execute arbitrary SQL commands. Successful exploitation can lead to complete data loss, modification, or corruption.
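The defensive pattern for this bug class, as an added example in JavaScript that is not lunary's own code: the sort field and direction coming from the request are mapped through an allowlist, so every character that reaches the ORDER BY clause is chosen by the server rather than copied from the request. The table name, column names and function names below are assumptions.

```javascript
// Added example, not the project's code. The vulnerable shape described in the
// advisory is roughly: sql.unsafe(`SELECT ... ORDER BY ${orderByClause}`) where
// orderByClause is taken from the request. The fix is to never let request text
// reach that string, only values this module picks from a fixed map.

// Hypothetical sortable columns of an external_users table, keyed by the
// parameter value the API accepts. Anything not in this map is rejected.
const SORTABLE_COLUMNS = Object.freeze({
  createdAt: "created_at",
  lastSeen: "last_seen",
  cost: "cost",
  externalId: "external_id",
});

const DIRECTIONS = new Set(["asc", "desc"]);

class InvalidOrderByError extends Error {}

// Build an ORDER BY fragment from untrusted input. Only identifiers and keywords
// chosen here are returned; the request value is used as a lookup key, nothing more.
// hasOwnProperty guards against inherited keys such as "constructor" or "__proto__".
function buildOrderByClause(sortField, sortDirection = "desc") {
  if (
    typeof sortField !== "string" ||
    !Object.prototype.hasOwnProperty.call(SORTABLE_COLUMNS, sortField)
  ) {
    throw new InvalidOrderByError(`unsupported sort field: ${String(sortField)}`);
  }
  const dir = String(sortDirection).toLowerCase();
  if (!DIRECTIONS.has(dir)) {
    throw new InvalidOrderByError(`unsupported sort direction: ${String(sortDirection)}`);
  }
  return `ORDER BY "${SORTABLE_COLUMNS[sortField]}" ${dir.toUpperCase()}`;
}

// Request-handler shaped wrapper: a parsed query object becomes either a safe
// clause or a rejection the route can turn into a 400, so the SQL layer never
// sees raw input. Unexpected errors are not swallowed.
function orderByFromQuery(query) {
  try {
    return { ok: true, clause: buildOrderByClause(query.sortField, query.sortDirection) };
  } catch (err) {
    if (err instanceof InvalidOrderByError) return { ok: false, error: err.message };
    throw err;
  }
}
```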

POC

Reference

No PoCs from references.

Github