ГлавнаяУязвимости → CVE-2024-7202
9.8критическая

CVE-2024-7202

Описание

The query functionality of WinMatrix3 Web package from Simopro Technology lacks proper validation of user input, allowing unauthenticated remote attackers to inject SQL commands to read, modify, and delete database contents.

Затрагиваемое ПО
Simopro technology Winmatrix3
CVSS
Балл9.8 — критическая
ВекторCVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Источники
https://www.twcert.org.tw/en/cp-139-7963-44648-2.htmlhttps://www.twcert.org.tw/tw/cp-132-7962-dd216-1.htmlhttps://www.twcert.org.tw/en/cp-139-7963-44648-2.htmlhttps://www.twcert.org.tw/tw/cp-132-7962-dd216-1.html