← volver
CVE-2024-9971

NewType FlowMaster BPM Plus - SQL Injection

CVSS 8.8 HIGHEPSS 0.6%CWE-89
The specific query functionality in the FlowMaster BPM Plus from NewType does not properly restrict user input, allowing remote attackers with regular privileges to inject SQL commands to read, modify, or delete database contents.
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Productos afectados
NewType · FlowMaster BPM Plus

¿Quieres saber si tu infraestructura está expuesta a esto?

Hablar con TrueHacking →
Referencias
https://www.twcert.org.tw/en/cp-139-8139-4daab-2.htmlhttps://www.twcert.org.tw/tw/cp-132-8138-d2bb7-1.html