← back
CVE-2024-9971

NewType FlowMaster BPM Plus - SQL Injection

CVSS 8.8 HIGHEPSS 0.6%CWE-89
The specific query functionality in the FlowMaster BPM Plus from NewType does not properly restrict user input, allowing remote attackers with regular privileges to inject SQL commands to read, modify, or delete database contents.
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Affected products
NewType · FlowMaster BPM Plus

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →
References
https://www.twcert.org.tw/en/cp-139-8139-4daab-2.htmlhttps://www.twcert.org.tw/tw/cp-132-8138-d2bb7-1.html