CVE-2024-5958
CriticalUpdated
Published: 18 September 2024
Published
18 September 2024
Modified
03 June 2026
KEV Added
—
Patch
—
CVSS Score v4
9.4
CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
EPSS Score
0.0032
55.3th percentile
Risk Priority
19
60% EPSS · 20% KEV · 20% CVSS
Summary
CVE-2024-5958 is a critical-severity SQL Injection (CWE-89) vulnerability in Elizsoftware Panel. Its CVSS base score is 9.4 (Critical).
Operationally, ranked in the top 44.7% of CVEs by exploit likelihood; it is not currently listed in the CISA KEV catalog.
EU & UK References
- 🇪🇺 ENISA EUVD: EUVD-2024-47083
Vulnerability details
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Eliz Software Panel allows Command Line Execution through SQL Injection. This issue affects Panel: before v2.3.24.
- CWE(s)
Related Threats
No named actor attribution yet. ATT&CK technique mapping in progress for this CVE.
Affected Assets
elizsoftware
panel
≤ 2.3.24
Mitigating Controls
Likely Mitigating Controls AI
Per-CVE control mapping for this CVE has not run yet; the list below is derived from the weakness types (CWEs) cited in the NVD entry.