exploitDog

CVE-2024-9982

Опубликовано: 15 окт. 2024

Источник: nvd

CVSS3: 9.8

EPSS Низкий

Описание

AIM LINE Marketing Platform from Esi Technology does not properly validate a specific query parameter. When the LINE Campaign Module is enabled, unauthenticated remote attackers can inject arbitrary FetchXml commands to read, modify, and delete database content.

Ссылки

EPSS

Процентиль: 79%

0.01262

Низкий

9.8 Critical

CVSS3

Дефекты

CWE-89

Связанные уязвимости

GHSA-4wxv-72gg-pr7r

CVSS3: 9.8

github

больше 1 года назад

AIM LINE Marketing Platform from Esi Technology does not properly validate a specific query parameter. When the LINE Campaign Module is enabled, unauthenticated remote attackers can inject arbitrary FetchXml commands to read, modify, and delete database content.

EPSS

Процентиль: 79%

0.01262

Низкий

9.8 Critical

CVSS3

Дефекты

CWE-89