exploitDog

CVE-2024-0857

Опубликовано: 18 июл. 2024

Источник: nvd

CVSS3: 9.8

EPSS Низкий

Описание

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Universal Software Inc. FlexWater Corporate Water Management allows SQL Injection.This issue affects FlexWater Corporate Water Management: before 5.452.0.

Ссылки

https://www.usom.gov.tr/bildirim/tr-24-1011
Third Party Advisory
https://www.usom.gov.tr/bildirim/tr-24-1011
Third Party Advisory

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:uni-yaz:flexwater_corporate_water_management:*:*:*:*:*:*:*:*

Версия до 5.452.0 (исключая)

EPSS

Процентиль: 37%

0.00159

Низкий

9.8 Critical

CVSS3

Дефекты

CWE-89

Связанные уязвимости

GHSA-jvrp-rv38-7jhr

CVSS3: 9.8

github

больше 1 года назад

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Universal Software Inc. FlexWater Corporate Water Management allows SQL Injection.This issue affects FlexWater Corporate Water Management: through 18072024. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.

EPSS

Процентиль: 37%

0.00159

Низкий

9.8 Critical

CVSS3

Дефекты

CWE-89