CVEDB API

Vulnerabilities

By Date
Known Exploited
Advanced Search

Vulnerable Software

Vendors
Products

Vulnerability Details CVE-2024-22108

An issue was discovered in GTB Central Console 15.17.1-30814.NG. The method setTermsHashAction at /opt/webapp/lib/PureApi/CCApi.class.php is vulnerable to an unauthenticated SQL injection via /ccapi.php that an attacker can abuse in order to change the Administrator password to a known value.

Exploit prediction scoring system (EPSS) score

EPSS Score 0.002

EPSS Ranking 39.4%

CVSS Severity

CVSS v3 Score 9.8

References

https://adepts.of0x.cc/gtbcc-pwned/
https://x-c3ll.github.io/cves.html
https://adepts.of0x.cc/gtbcc-pwned/
https://x-c3ll.github.io/cves.html

Products affected by CVE-2024-22108

Gttb » Gtb Central Console » Version: 15.17.1-30814.ng

cpe:2.3:a:gttb:gtb_central_console:15.17.1-30814.ng

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2024-22108

Products

Pricing

Contact Us