SQL Injection in Navidrome

CVE-2024-47062

Navidrome is an open source web-based music collection server and streamer. Navidrome automatically adds parameters in the URL to SQL queries. This can be exploited to access information by adding parameters like `password=...` in the URL…

Vulnerability class: SQL Injection

EPSS: 0.851 (99.4th percentile)

Frequently asked questions

What is CVE-2024-47062?
CVE-2024-47062 is a vulnerability in Navidrome, classified under SQL Injection. It was published on 2024-09-20.

Is CVE-2024-47062 known to be exploited?
6 public proof-of-concept repositories are indexed. It is not currently listed in the CISA KEV catalog.