exploitDog

CVE-2024-7731

Опубликовано: 14 авг. 2024

Источник: nvd

CVSS3: 9.8

EPSS Низкий

Описание

Dr.ID Access Control System from SECOM does not properly validate a specific page parameter, allowing unauthenticated remote attackers to inject SQL commands to read, modify, and delete database contents.

Ссылки

https://www.twcert.org.tw/en/cp-139-8006-036f5-2.html
Third Party Advisory
https://www.twcert.org.tw/tw/cp-132-8005-c3c94-1.html
Third Party Advisory

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:secom:dr.id_access_control:*:*:*:*:*:*:*:*

Версия до 3.6.3 (исключая)

EPSS

Процентиль: 75%

0.009

Низкий

9.8 Critical

CVSS3

Дефекты

CWE-89

CWE-89

Связанные уязвимости

GHSA-24q9-34wm-r8c7

CVSS3: 9.8

github

12 месяцев назад

Dr.ID Access Control System from SECOM does not properly validate a specific page parameter, allowing unauthenticated remote attackers to inject SQL commands to read, modify, and delete database contents.

EPSS

Процентиль: 75%

0.009

Низкий

9.8 Critical

CVSS3

Дефекты

CWE-89

CWE-89