ГлавнаяУязвимости → CVE-2024-32493
8.8высокая

CVE-2024-32493

Описание

An issue was discovered in Znuny LTS 6.5.1 through 6.5.7 and Znuny 7.0.1 through 7.0.16 where a logged-in agent is able to inject SQL in the draft form ID parameter of an AJAX request.

Затрагиваемое ПО
Znuny Znuny
CVSS
Балл8.8 — высокая
ВекторCVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Источники
https://www.znuny.org/en/advisories/zsa-2024-03https://znuny.comhttps://www.znuny.org/en/advisories/zsa-2024-03https://znuny.com