Acunetix DAST powers runtime capabilities for Invicti’s complete AppSec platform. Visit Invicti for more.

WEB APPLICATION VULNERABILITIES Standard & Premium

PostgreSQL Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') Vulnerability (CVE-2024-24213)

Description

Supabase PostgreSQL v15.1 was discovered to contain a SQL injection vulnerability via the component /pg_meta/default/query.

Remediation

References

Related Vulnerabilities

WordPress Plugin WP Admin UI Customize Cross-Site Scripting (1.5.2.6)

WordPress Plugin Smash Balloon Social Post Feed Security Bypass (4.0)

WordPress Plugin WPML (WordPress Multilingual) Cross-Site Request Forgery (4.3.6)

Joomla Permissions, Privileges, and Access Controls Vulnerability (CVE-2008-3225)

WordPress Plugin Background Music Cross-Site Scripting (1.0)

Severity

Critical

Classification

CVE-2024-24213 CWE-138 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Tags

Missing Update Known Vulnerabilities