CVE-2024-43436 — A SQL injection risk flaw was found in the XMLDB editor tool available to site a... | CVE Daily

High CVSS 7.2

Overview

A SQL injection risk flaw was found in the XMLDB editor tool available to site administrators.

CWE: CWE-89 Published: 2024-11-07T14:15:16.247

Risk analysis

This vulnerability is rated 🟠 HIGH.

CVSS: 7.2 (HIGH)
Detected tags: sql (tag impact: MODERATE)

Recommended actions:

Use parameterized queries/ORM (avoid string concatenation).
Add WAF rules and input validation.

Recommended tools

Tags

SQL Injection