← voltar
CVE-2024-9971

NewType FlowMaster BPM Plus - SQL Injection

CVSS 8.8 HIGHEPSS 0.6%CWE-89
The specific query functionality in the FlowMaster BPM Plus from NewType does not properly restrict user input, allowing remote attackers with regular privileges to inject SQL commands to read, modify, or delete database contents.
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Produtos afetados
NewType · FlowMaster BPM Plus

Quer saber se a sua infraestrutura está exposta a isto?

Falar com a TrueHacking →
Referências
https://www.twcert.org.tw/en/cp-139-8139-4daab-2.htmlhttps://www.twcert.org.tw/tw/cp-132-8138-d2bb7-1.html