Exploit for Email Subscribers by Icegram Express <= 5.7.20 - Unauthenticated SQL Injection via Hash (CVE-2024-4295)

Description:

Email Subscribers by Icegram Express <= 5.7.20 contains an unauthenticated SQL injection vulnerability via the hash parameter.

Nuclei Template

View the template here: CVE-2024-4295.yaml

Validate with Nuclei

echo "$URL" | nuclei -t ~/nuclei-templates/http/cves/2024/CVE-2024-4295.yaml

References:

https://github.com/truonghuuphuc/CVE-2024-4295-Poc
https://nvd.nist.gov/vuln/detail/CVE-2024-4295
https://www.wordfence.com/threat-intel/vulnerabilities/id/641123af-1ec6-4549-a58c-0a08b4678f45?source=cve
https://github.com/cve-2024/CVE-2024-4295-Poc