CVE-2024-42361 | Apache HertzBeat up to 1.6.0 {metricFull} sql injection (GHSL-2023-254)

Posted by Angelo Barbosa | Aug 21, 2024 | CVE

A vulnerability has been found in Apache HertzBeat up to 1.6.0 and classified as critical. Affected by this vulnerability is an unknown functionality of the file /api/monitor/{monitorId}/metric/{metricFull}. The manipulation leads to sql injection.

This vulnerability is known as CVE-2024-42361. The attack can be launched remotely. There is no exploit available.

CVE-2024-42361 | Apache HertzBeat up to 1.6.0 {metricFull} sql injection (GHSL-2023-254)

Related Posts

CVE-2024-0524 | CXBSoft Url-shorting up to 1.3.1 index.php url sql injection

CVE-2024-1957 | GiveWP Plugin up to 3.6.1 on WordPress Shortcode cross site scripting

CVE-2024-33683 | WP Republic Hide Dashboard Notifications Plugin up to 1.2.3 on WordPress cross-site request forgery

CVE-2023-50357 | Areal Webserv1 up to 6.1 cross site scripting