A SQL injection vulnerability exists in Quicklancer 2.4 in the GET parameter ‘range2’. The parameter is affected by both time-based blind and boolean-based blind SQL injection, which a remote, unauthenticated attacker can exploit to execute arbitrary SQL queries in the database.
View the template here: CVE-2024-7188.yaml
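
A log check for probing of this parameter, added here as an example and not part of the original advisory or the template: it flags requests whose `range2` value is not a plain number and labels those that contain a time-delay function name. The numeric allowlist, the `/placeholder` path and the sample log lines are assumptions constructed for illustration.

```python
import re
from urllib.parse import urlsplit, parse_qs

# Assumption: legitimate range2 values are plain non-negative numbers.
NUMERIC = re.compile(r"\d+(\.\d+)?")
# Delay primitives seen in time-based probes ("sleep" also matches pg_sleep).
DELAY = re.compile(r"sleep|benchmark|waitfor", re.I)
# Request line inside a combined-format access log entry.
REQUEST = re.compile(r'"(?:GET|HEAD) (\S+) HTTP/[\d.]+"')


def classify(value):
    """Return None for an allowed value, otherwise a triage label."""
    if NUMERIC.fullmatch(value):
        return None
    return "time-based probe" if DELAY.search(value) else "non-numeric value"


def scan(lines, param="range2"):
    """Return (line_number, label, decoded_value) for each suspicious request."""
    findings = []
    for number, line in enumerate(lines, 1):
        match = REQUEST.search(line)
        if not match:
            continue
        query = urlsplit(match.group(1)).query
        # parse_qs percent-decodes, so encoded input is compared in clear form.
        for value in parse_qs(query).get(param, []):
            label = classify(value)
            if label:
                findings.append((number, label, value))
    return findings


# Constructed sample lines; the path and addresses are placeholders.
SAMPLE = [
    '198.51.100.7 - - [01/Aug/2024:10:00:01 +0000] "GET /placeholder?range2=500 HTTP/1.1" 200 5120',
    '198.51.100.9 - - [01/Aug/2024:10:00:05 +0000] "GET /placeholder?range2=500%20AND%20SLEEP(5) HTTP/1.1" 200 5120',
    '198.51.100.9 - - [01/Aug/2024:10:00:09 +0000] "GET /placeholder?range2=500%20AND%201=1 HTTP/1.1" 200 5120',
]

if __name__ == "__main__":
    for number, label, value in scan(SAMPLE):
        print(f"line {number}: {label}: {value!r}")
```

Because blind injection returns no error text, repeated non-numeric `range2` values from one client are the signal to triage, together with response times on the requests labelled as time-based.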
References:
https://cvefeed.io/vuln/detail/CVE-2024-7188