CVE-2024-9982

  1. OpenCVE
  2. Vulnerabilities (CVE)
  3. CVE-2024-9982
AIM LINE Marketing Platform from Esi Technology does not properly validate a specific query parameter. When the LINE Campaign Module is enabled, unauthenticated remote attackers can inject arbitrary FetchXml commands to read, modify, and delete database content.

9.8 /10

CVSS v3 : CRITICAL

V3 Legend

Vector :

Exploitability : 3.9 / Impact : 5.9

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required NONE

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact HIGH

Availability Impact HIGH

Scope UNCHANGED

References
Link Resource
https://www.twcert.org.tw/en/cp-139-8147-eb650-2.html
https://www.twcert.org.tw/tw/cp-132-8146-497a2-1.html
Configurations

No configuration.

History

No history.

Information

Published : 2024-10-15 08:15

Updated : 2024-10-15 12:57

NVD link : CVE-2024-9982

Mitre link : CVE-2024-9982

CVE.ORG link : CVE-2024-9982

JSON object : View

Products Affected

No product.

CWE
CWE-89

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')