CVE-2024-50706 - Vulnerability Details

Unauthenticated SQL injection vulnerability in Uniguest Tripleplay version 23.1+ allows remote attackers to execute arbitrary SQL queries on the backend database.

No CVSS v4.0

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction None

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

Exploitation none

Automatable yes

Technical Impact total

Vendors	Products
Uniguest	Tripleplay

Configuration 1 [-]

OR	cpe:2.3:a:uniguest:tripleplay::::::::
	cpe:2.3:a:uniguest:tripleplay:24.2:::::::*

No data.

References

Link	Providers
https://uniguest.com/cve-bulletins/
https://uniguest.com/wp-content/uploads/2025/02/CVE-2024-50706-Vulnerability-Summary.pdf

History

Wed, 28 May 2025 17:45:00 +0000

Type	Values Removed	Values Added
First Time appeared		Uniguest Uniguest tripleplay
CPEs		cpe:2.3:a:uniguest:tripleplay:::::::: cpe:2.3:a:uniguest:tripleplay:24.2:::::::*
Vendors & Products		Uniguest Uniguest tripleplay

Thu, 17 Apr 2025 18:15:00 +0000

Type	Values Removed	Values Added
Description	Unauthenticated SQL injection vulnerability in Uniguest Tripleplay before 24.2.1 allows remote attackers to execute arbitrary SQL queries on the backend database.	Unauthenticated SQL injection vulnerability in Uniguest Tripleplay version 23.1+ allows remote attackers to execute arbitrary SQL queries on the backend database.

Tue, 04 Mar 2025 22:15:00 +0000

Type	Values Removed	Values Added
Weaknesses		CWE-89
Metrics		cvssV3_1 `{'score': 9.8, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H'}` ssvc `{'options': {'Automatable': 'yes', 'Exploitation': 'none', 'Technical Impact': 'total'}, 'version': '2.0.3'}`

Tue, 04 Mar 2025 15:15:00 +0000

Type	Values Removed	Values Added
Description		Unauthenticated SQL injection vulnerability in Uniguest Tripleplay before 24.2.1 allows remote attackers to execute arbitrary SQL queries on the backend database.
References		https://uniguest.com/cve-bulletins/ https://uniguest.com/wp-content/uploads/2025/02/CVE-2024-50706-Vulnerability-Summary.pdf

MITRE

Status: PUBLISHED

Assigner: mitre

Published: 2025-03-04T00:00:00.000Z

Updated: 2025-04-22T15:43:42.225Z

Reserved: 2024-10-28T00:00:00.000Z

Link: CVE-2024-50706

Vulnrichment

Updated: 2025-03-04T21:29:24.675Z

NVD

Status : Analyzed

Published: 2025-03-04T15:15:19.290

Modified: 2025-05-28T17:26:19.790

Link: CVE-2024-50706

Redhat

No data.

Metrics

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction None

Exploitation none

Automatable yes

Technical Impact total

Affected Vendors & Products

JSON object

JSON object

JSON object

JSON object