CVE-2024-9971
CVE-2024-9971
8.8
HighPublished:
Last updated:
Source:twcert@cert.org.tw
Analyzed
Weakness (CWE)
CVSS Vector
v3.1- Attack Vector
- Network
- Attack Complexity
- Low
- Privileges Required
- Low
- User Interaction
- None
- Scope
- Unchanged
- Confidentiality
- High
- Integrity
- High
- Availability
- High
Description
The specific query functionality in the FlowMaster BPM Plus from NewType does not properly restrict user input, allowing remote attackers with regular privileges to inject SQL commands to read, modify, or delete database contents.
References
twcert@cert.org.tw
https://www.twcert.org.tw/en/cp-139-8139-4daab-2.htmltwcert@cert.org.tw
https://www.twcert.org.tw/tw/cp-132-8138-d2bb7-1.html