CVE-2024-24133
Published: 07 February 2024
Summary
CVE-2024-24133 is a critical-severity SQL Injection (CWE-89) vulnerability in Atmail (vendor: Atmail). Its CVSS base score is 9.8 (Critical), which under CVSSv3 means network-reachable, low complexity, no privileges and no user interaction, with high confidentiality, integrity and availability impact; this is consistent with the flaw sitting on the pre-authentication login page.
Operationally, exploitation maps to the MITRE ATT&CK technique Account Manipulation (T1098). The CVE ranks at the 45.2nd percentile by exploit likelihood (below the median), and it is not currently listed in the CISA KEV catalog.
EU & UK References
- 🇪🇺 ENISA EUVD: EUVD-2024-21557
Vulnerability details
Atmail v6.6.0 was discovered to contain a SQL injection vulnerability via the username parameter on the login page.
- CWE(s): CWE-89 (Improper Neutralization of Special Elements used in an SQL Command, 'SQL Injection')
Related Threats
MITRE ATT&CK Enterprise Techniques (AI-generated mapping)
Why these techniques?
SQL injection through the username parameter of the Atmail login form lets an unauthenticated attacker execute attacker-chosen SQL against the webmail database. The most direct effect of an injectable login query is authentication bypass (a payload that makes the WHERE clause match an arbitrary account), but the mapped techniques cover the wider impact: the entry point itself, Exploit Public-Facing Application (T1190); reading stored data such as account records via Data from Information Repositories: Databases (T1213.006); altering stored rows, Stored Data Manipulation (T1565.001); and tampering with accounts, for example rewriting credentials or adding mailbox users through direct table writes, Account Manipulation (T1098). Web Shell (T1505.003) applies only where the database can write files to a web-served path (for example MySQL `SELECT ... INTO OUTFILE` with the FILE privilege); the advisory does not establish that this is the case here, so treat it as a conditional outcome rather than a confirmed one.
Affected Assets
Mitigating Controls
Likely Mitigating Controls (AI-derived)
Per-CVE control mapping for this CVE has not run yet; the controls given here are derived from the weakness type cited in the NVD entry (CWE-89) and are therefore the generic SQL injection defenses: parameterized (prepared) queries for every statement that touches request data, server-side validation of the username against the format the application actually accepts, a database account for the webmail process with the least privilege it needs (no FILE, DDL or cross-schema rights), and web-tier detection of SQL metacharacters in the login username parameter.
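The following is an added illustration for both the technique rationale above (login-form SQL injection used for authentication bypass and data extraction) and the CWE-89 mitigating controls; it is example code written for this page, not Atmail's source and not taken from the advisory. It builds a constructed in-memory account table and shows a login handler that splices the username parameter into the query string beside the parameterized version. Table layout, account names, payloads and function names are all assumptions; passwords are stored in clear text only to keep the example short, real code compares a salted hash.

```python
"""Constructed example of the CWE-89 pattern behind CVE-2024-24133.

Not Atmail code. The schema, accounts and handler names are assumptions
made for illustration; sqlite3 stands in for the webmail database.
"""
import sqlite3


def make_db() -> sqlite3.Connection:
    """Create a constructed in-memory account table with two test users."""
    conn = sqlite3.connect(":memory:")
    conn.execute(
        "CREATE TABLE users (id INTEGER PRIMARY KEY, username TEXT, password TEXT)"
    )
    # Clear-text passwords only to keep the example short; never do this in production.
    conn.executemany(
        "INSERT INTO users (username, password) VALUES (?, ?)",
        [("alice", "correct horse"), ("admin", "battery staple")],
    )
    return conn


def login_vulnerable(conn: sqlite3.Connection, username: str, password: str):
    """CWE-89: request data is concatenated into the SQL text.

    Anything the attacker puts in `username` is parsed as SQL, so a quote
    followed by `--` ends the string and comments out the password check,
    and a UNION clause returns columns the query never meant to expose.
    Returns the matched username (or UNION-selected value) or None.
    """
    sql = (
        f"SELECT username FROM users WHERE username = '{username}' "
        f"AND password = '{password}'"
    )
    row = conn.execute(sql).fetchone()
    return row[0] if row else None


def login_fixed(conn: sqlite3.Connection, username: str, password: str):
    """Parameterized query: the driver binds values after the statement is
    parsed, so the same payloads are compared as literal strings and match
    no account. Returns the matched username or None."""
    row = conn.execute(
        "SELECT username FROM users WHERE username = ? AND password = ?",
        (username, password),
    ).fetchone()
    return row[0] if row else None


# Constructed payloads for the username parameter; the password is arbitrary.
BYPASS_PAYLOAD = "admin' --"
EXFIL_PAYLOAD = "' UNION SELECT password FROM users WHERE username='admin' --"


def demo() -> dict:
    """Run both handlers against a legitimate login and the two payloads."""
    conn = make_db()
    return {
        "vuln_legit": login_vulnerable(conn, "alice", "correct horse"),
        "vuln_bypass": login_vulnerable(conn, BYPASS_PAYLOAD, "wrong"),
        "vuln_exfil": login_vulnerable(conn, EXFIL_PAYLOAD, "wrong"),
        "fixed_legit": login_fixed(conn, "alice", "correct horse"),
        "fixed_bypass": login_fixed(conn, BYPASS_PAYLOAD, "wrong"),
        "fixed_exfil": login_fixed(conn, EXFIL_PAYLOAD, "wrong"),
    }


if __name__ == "__main__":
    for name, result in demo().items():
        print(f"{name:12s} -> {result!r}")
```

In the vulnerable handler the bypass payload logs in as `admin` with a wrong password, and the UNION payload returns the admin password in the column the application expected to hold a username; the parameterized handler returns `None` for both while still accepting the genuine credentials. The same two payloads double as a minimal test set for a web-tier detection rule on the login username parameter.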