FKIE_CVE-2024-5771

Vulnerability from fkie_nvd - Published: 2024-06-08 22:15 - Updated: 2026-06-17 08:16
Severity
6.3 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L
Summary
A vulnerability classified as critical was found in LabVantage LIMS 2017. This vulnerability affects unknown code of the file /labvantage/rc?command=page&page=SampleList&_iframename=list of the component POST Request Handler. The manipulation of the argument param1 leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. VDB-267454 is the identifier assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.
References
cna@vuldb.comhttps://gentle-khaan-c53.notion.site/Labvantage-LIMS-3bb2137a29944e7e9efc906f23b42a4a
cna@vuldb.comhttps://vuldb.com/?ctiid.267454
cna@vuldb.comhttps://vuldb.com/?id.267454
cna@vuldb.comhttps://vuldb.com/?submit.347403
af854a3a-2127-422b-91ae-364da2661108https://gentle-khaan-c53.notion.site/Labvantage-LIMS-3bb2137a29944e7e9efc906f23b42a4a
af854a3a-2127-422b-91ae-364da2661108https://vuldb.com/?ctiid.267454
af854a3a-2127-422b-91ae-364da2661108https://vuldb.com/?id.267454
af854a3a-2127-422b-91ae-364da2661108https://vuldb.com/?submit.347403
Impacted products
Vendor Product Version
To clipboard 

{
  "affected": [
    {
      "affectedData": [
        {
          "modules": [
            "POST Request Handler"
          ],
          "product": "LIMS",
          "vendor": "LabVantage",
          "versions": [
            {
              "status": "affected",
              "version": "2017"
            }
          ]
        }
      ],
      "source": "cna@vuldb.com"
    },
    {
      "affectedData": [
        {
          "cpes": [
            "cpe:2.3:a:labvantage:lims:*:*:*:*:*:*:*:*"
          ],
          "defaultStatus": "unknown",
          "product": "lims",
          "vendor": "labvantage",
          "versions": [
            {
              "status": "affected",
              "version": "2017"
            }
          ]
        }
      ],
      "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0"
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "A vulnerability classified as critical was found in LabVantage LIMS 2017. This vulnerability affects unknown code of the file /labvantage/rc?command=page\u0026page=SampleList\u0026_iframename=list of the component POST Request Handler. The manipulation of the argument param1 leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. VDB-267454 is the identifier assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way."
    },
    {
      "lang": "es",
      "value": "Una vulnerabilidad fue encontrada en LabVantage LIMS 2017 y clasificada como cr\u00edtica. Esta vulnerabilidad afecta a un c\u00f3digo desconocido del archivo /labvantage/rc?command=page\u0026amp;page=SampleList\u0026amp;_iframename=list del componente POST Request Handler. La manipulaci\u00f3n del argumento param1 conduce a la inyecci\u00f3n de SQL. El ataque se puede iniciar de forma remota. El exploit ha sido divulgado al p\u00fablico y puede utilizarse. VDB-267454 es el identificador asignado a esta vulnerabilidad. NOTA: Se contact\u00f3 primeramente con el proveedor sobre esta divulgaci\u00f3n, pero no respondi\u00f3 de ninguna manera."
    }
  ],
  "id": "CVE-2024-5771",
  "lastModified": "2026-06-17T08:16:37.910",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "NETWORK",
          "authentication": "SINGLE",
          "availabilityImpact": "PARTIAL",
          "baseScore": 6.5,
          "confidentialityImpact": "PARTIAL",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P",
          "version": "2.0"
        },
        "exploitabilityScore": 8.0,
        "impactScore": 6.4,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "cna@vuldb.com",
        "type": "Secondary",
        "userInteractionRequired": false
      }
    ],
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "LOW",
          "baseScore": 6.3,
          "baseSeverity": "MEDIUM",
          "confidentialityImpact": "LOW",
          "integrityImpact": "LOW",
          "privilegesRequired": "LOW",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L",
          "version": "3.1"
        },
        "exploitabilityScore": 2.8,
        "impactScore": 3.4,
        "source": "cna@vuldb.com",
        "type": "Secondary"
      }
    ],
    "cvssMetricV40": [
      {
        "cvssData": {
          "Automatable": "NOT_DEFINED",
          "Recovery": "NOT_DEFINED",
          "Safety": "NOT_DEFINED",
          "attackComplexity": "LOW",
          "attackRequirements": "NONE",
          "attackVector": "NETWORK",
          "availabilityRequirement": "NOT_DEFINED",
          "baseScore": 5.3,
          "baseSeverity": "MEDIUM",
          "confidentialityRequirement": "NOT_DEFINED",
          "exploitMaturity": "NOT_DEFINED",
          "integrityRequirement": "NOT_DEFINED",
          "modifiedAttackComplexity": "NOT_DEFINED",
          "modifiedAttackRequirements": "NOT_DEFINED",
          "modifiedAttackVector": "NOT_DEFINED",
          "modifiedPrivilegesRequired": "NOT_DEFINED",
          "modifiedSubAvailabilityImpact": "NOT_DEFINED",
          "modifiedSubConfidentialityImpact": "NOT_DEFINED",
          "modifiedSubIntegrityImpact": "NOT_DEFINED",
          "modifiedUserInteraction": "NOT_DEFINED",
          "modifiedVulnAvailabilityImpact": "NOT_DEFINED",
          "modifiedVulnConfidentialityImpact": "NOT_DEFINED",
          "modifiedVulnIntegrityImpact": "NOT_DEFINED",
          "privilegesRequired": "LOW",
          "providerUrgency": "NOT_DEFINED",
          "subAvailabilityImpact": "NONE",
          "subConfidentialityImpact": "NONE",
          "subIntegrityImpact": "NONE",
          "userInteraction": "NONE",
          "valueDensity": "NOT_DEFINED",
          "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
          "version": "4.0",
          "vulnAvailabilityImpact": "LOW",
          "vulnConfidentialityImpact": "LOW",
          "vulnIntegrityImpact": "LOW",
          "vulnerabilityResponseEffort": "NOT_DEFINED"
        },
        "source": "cna@vuldb.com",
        "type": "Secondary"
      }
    ],
    "ssvcV203": [
      {
        "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
        "ssvcData": {
          "id": "CVE-2024-5771",
          "options": [
            {
              "exploitation": "poc"
            },
            {
              "automatable": "no"
            },
            {
              "technicalImpact": "total"
            }
          ],
          "role": "CISA Coordinator",
          "timestamp": "2024-07-19T15:28:34.134076Z",
          "version": "2.0.3"
        }
      }
    ]
  },
  "published": "2024-06-08T22:15:48.660",
  "references": [
    {
      "source": "cna@vuldb.com",
      "url": "https://gentle-khaan-c53.notion.site/Labvantage-LIMS-3bb2137a29944e7e9efc906f23b42a4a"
    },
    {
      "source": "cna@vuldb.com",
      "url": "https://vuldb.com/?ctiid.267454"
    },
    {
      "source": "cna@vuldb.com",
      "url": "https://vuldb.com/?id.267454"
    },
    {
      "source": "cna@vuldb.com",
      "url": "https://vuldb.com/?submit.347403"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://gentle-khaan-c53.notion.site/Labvantage-LIMS-3bb2137a29944e7e9efc906f23b42a4a"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://vuldb.com/?ctiid.267454"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://vuldb.com/?id.267454"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://vuldb.com/?submit.347403"
    }
  ],
  "sourceIdentifier": "cna@vuldb.com",
  "vulnStatus": "Deferred",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-89"
        }
      ],
      "source": "cna@vuldb.com",
      "type": "Secondary"
    }
  ]
}


Log in or create an account to share your comment.




Tags
Taxonomy of the tags.





Forecast uses a logistic model when the trend is rising, or an exponential decay model when the trend is falling. Fitted via linearized least squares.

Sightings

Author Source Type Date Other

Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or observed by the user.
  • Confirmed: The vulnerability has been validated from an analyst's perspective.
  • Published Proof of Concept: A public proof of concept is available for this vulnerability.
  • Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
  • Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
  • Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
  • Not confirmed: The user expressed doubt about the validity of the vulnerability.
  • Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.


Detection rules are retrieved from Rulezet.