exploitDog

CVE-2024-9971

Опубликовано: 15 окт. 2024

Источник: nvd

CVSS3: 8.8

EPSS Низкий

Описание

The specific query functionality in the FlowMaster BPM Plus from NewType does not properly restrict user input, allowing remote attackers with regular privileges to inject SQL commands to read, modify, or delete database contents.

Ссылки

https://www.twcert.org.tw/en/cp-139-8139-4daab-2.html
Third Party Advisory
https://www.twcert.org.tw/tw/cp-132-8138-d2bb7-1.html
Third Party Advisory

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:newtype:flowmaster_bpm_plus:*:*:*:*:*:*:*:*

Версия до 5.3.1 (исключая)

EPSS

Процентиль: 80%

0.01441

Низкий

8.8 High

CVSS3

Дефекты

CWE-89

Связанные уязвимости

GHSA-2g6c-2vm9-2g8p

CVSS3: 8.8

github

больше 1 года назад

The specific query functionality in the FlowMaster BPM Plus from NewType does not properly restrict user input, allowing remote attackers with regular privileges to inject SQL commands to read, modify, or delete database contents.

EPSS

Процентиль: 80%

0.01441

Низкий

8.8 High

CVSS3

Дефекты

CWE-89