CVE-2024-9971

Sažetak

The specific query functionality in the FlowMaster BPM Plus from NewType does not properly restrict user input, allowing remote attackers with regular privileges to inject SQL commands to read, modify, or delete database contents.

Reference

https://www.twcert.org.tw/en/cp-139-8139-4daab-2.html
https://www.twcert.org.tw/tw/cp-132-8138-d2bb7-1.html

CVSS

Base:	8.8
Impact:	5.9
Exploitability:	2.8

Pristup

Vektor	Složenost	Autentikacija
NETWORK	LOW	LOW

Impact

Povjerljivost	Cjelovitost	Dostupnost
HIGH	HIGH	HIGH

CVSS vektor

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Zadnje važnije ažuriranje

17-10-2024 - 20:34

Objavljeno

15-10-2024 - 04:15