exploitDog

CVE-2024-7202

Опубликовано: 29 июл. 2024

Источник: nvd

CVSS3: 9.8

EPSS Низкий

Описание

The query functionality of WinMatrix3 Web package from Simopro Technology lacks proper validation of user input, allowing unauthenticated remote attackers to inject SQL commands to read, modify, and delete database contents.

Ссылки

https://www.twcert.org.tw/en/cp-139-7963-44648-2.html
Third Party Advisory
https://www.twcert.org.tw/tw/cp-132-7962-dd216-1.html
Third Party Advisory
https://www.twcert.org.tw/en/cp-139-7963-44648-2.html
Third Party Advisory
https://www.twcert.org.tw/tw/cp-132-7962-dd216-1.html
Third Party Advisory

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:simopro_technology:winmatrix3:*:*:*:*:*:*:*:*

Версия до 1.2.35.3 (включая)

EPSS

Процентиль: 73%

0.00789

Низкий

9.8 Critical

CVSS3

Дефекты

CWE-89

Связанные уязвимости

GHSA-jpvx-wrqv-j9x2

CVSS3: 9.8

github

больше 1 года назад

The query functionality of WinMatrix3 Web package from Simopro Technology lacks proper validation of user input, allowing unauthenticated remote attackers to inject SQL commands to read, modify, and delete database contents.

EPSS

Процентиль: 73%

0.00789

Низкий

9.8 Critical

CVSS3

Дефекты

CWE-89