CVE-2024-45622

Critical

Published: 02 September 2024

Modified: 15 April 2026
CVSS Score v3.1: 9.8 (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)
EPSS Score: 0.5739 (98.2th percentile)
Risk Priority: 54 (60% EPSS · 20% KEV · 20% CVSS)

Summary

CVE-2024-45622 is a critical-severity SQL Injection (CWE-89) vulnerability. Its CVSS base score is 9.8 (Critical).

Operationally, it ranks in the top 1.8% of CVEs by exploit likelihood; it is not currently listed in the CISA KEV catalog.

Deeper analysis

ASIS (Aplikasi Sistem Sekolah), a web application built on CodeIgniter 3, contains a SQL injection vulnerability in the username field processed by index.php. The flaw affects versions 3.0.0 through 3.2.0 and is tracked as CWE-89 with a CVSS 3.1 base score of 9.8.

An unauthenticated remote attacker can supply a crafted username value to bypass authentication entirely, resulting in full read, write, and delete access to the application and its underlying data.

The single reference is a technical disclosure document hosted on GitHub that details the injection vector; no vendor advisory or patch information is supplied in the available references. The associated EPSS score has remained flat at 0.5739 since publication.

Vulnerability details

ASIS (aka Aplikasi Sistem Sekolah using CodeIgniter 3) 3.0.0 through 3.2.0 allows index.php username SQL injection for Authentication Bypass.

Related Threats

No named actor attribution yet. ATT&CK technique mapping in progress for this CVE.

Mitigating Controls

Likely Mitigating Controls

Per-CVE control mapping for this CVE has not run yet; the list below is derived from the weakness types (CWEs) cited in the NVD entry.

addresses: CWE-89

Penetration testing uses SQL injection payloads against database interfaces, identifying and supporting fixes for SQL injection weaknesses.

addresses: CWE-89

Validates query inputs to prevent SQL syntax or command manipulation.
