Exploit for Bylancer Quicklancer 2.4 G - SQL Injection (CVE-2024-7188)

Description:

A SQL injection vulnerability exists in Quicklancer 2.4 in the GET parameter 'range2'. The parameter is vulnerable to both time-based blind and boolean-based blind SQL injection, which a remote, unauthenticated attacker can exploit to execute arbitrary SQL queries against the database.
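
A defensive check for the description above, as an added example that is not part of the original page or the Nuclei template: it scans web-server access logs (Combined Log Format assumed) for GET requests whose range2 value is not a plain number, decoding repeated percent-encoding first. The numeric-only rule, the path /EXAMPLE-PATH and the sample log lines are assumptions constructed for illustration.

```python
import re
from urllib.parse import urlsplit, parse_qs, unquote

# Combined Log Format: client, timestamp, method, request target, status.
LOG_RE = re.compile(r'^(\S+) \S+ \S+ \[([^\]]+)\] "(\S+) (\S+) [^"]*" (\d{3})')
# Assumption: a legitimate range2 value is a plain number.
NUMERIC = re.compile(r'^\d+(\.\d+)?$')


def fully_decode(value, max_rounds=3):
    """Undo nested percent-encoding (e.g. %2527) so it cannot hide characters."""
    for _ in range(max_rounds):
        decoded = unquote(value)
        if decoded == value:
            break
        value = decoded
    return value


def suspicious_range2(lines):
    """Return (client, timestamp, decoded value) for GET requests with a non-numeric range2."""
    hits = []
    for line in lines:
        m = LOG_RE.match(line)
        if not m:
            continue  # not a Combined Log Format line
        client, ts, method, target, _status = m.groups()
        if method != "GET":
            continue  # the advisory concerns the GET parameter
        # parse_qs percent-decodes once; fully_decode handles further layers.
        params = parse_qs(urlsplit(target).query, keep_blank_values=True)
        for raw in params.get("range2", []):
            value = fully_decode(raw)
            if value and not NUMERIC.match(value):
                hits.append((client, ts, value))
    return hits


# Constructed sample log lines (placeholder path, documentation IP ranges).
SAMPLE = [
    '198.51.100.7 - - [01/Aug/2024:10:00:01 +0000] "GET /EXAMPLE-PATH?range2=500 HTTP/1.1" 200 5120',
    '203.0.113.9 - - [01/Aug/2024:10:00:05 +0000] "GET /EXAMPLE-PATH?range2=500%27 HTTP/1.1" 200 5120',
    '203.0.113.9 - - [01/Aug/2024:10:00:09 +0000] "GET /EXAMPLE-PATH?range2=500%2527%2520AND%25201%253D1 HTTP/1.1" 200 5120',
    '198.51.100.7 - - [01/Aug/2024:10:00:12 +0000] "GET /EXAMPLE-PATH?page=2 HTTP/1.1" 200 4096',
]

if __name__ == "__main__":
    for client, ts, value in suspicious_range2(SAMPLE):
        print(f"{ts} {client} range2={value!r}")
```

Hits from this check are leads for review, not proof of exploitation; blind injection leaves no distinctive status code, so correlate flagged clients with request volume and response times.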

Nuclei Template

View the template here: CVE-2024-7188.yaml

Validate with Nuclei

echo "$URL" | nuclei -t ~/nuclei-templates/http/cves/2024/CVE-2024-7188.yaml

References:

https://cvefeed.io/vuln/detail/CVE-2024-7188
https://nvd.nist.gov/vuln/detail/CVE-2024-7188
https://github.com/bigb0x/CVEs/blob/main/quicklancer-2-4.md
https://codecanyon.net/item/quicklancer-freelance-marketplace-php-script/39087135