QwikSec

Security Database

CVE

CWE

Training

CVE-2024-28145

Published: Dec 12, 2024

Modified: Nov 3, 2025

PUBLISHED

Description

An unauthenticated attacker can perform an SQL injection by accessing the /class/dbconnect.php file and supplying malicious GET parameters. The HTTP GET parameters search, table, field, and value are vulnerable. For example, one SQL injection can be performed on the parameter "field" with the UNION keyword.

Vendor	Product	Versions
Image Access GmbH	Scan2Net	affected `0 - < 7.40`

Weaknesses (CWE)

References

https://r.sec-consult.com/imageaccess

third-party-advisory

https://www.imageaccess.de/?page=SupportPortal&lang=en

patch

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.