Lucene search
TwcertCVE-2024-7202HistoryJul 29, 2024 - 4:15 a.m.
CVE-2024-7202
2024-07-2904:15:02
CWE-89
twcert
web.nvd.nist.gov
34
cve-2024-7202
simopro technology
remote attackers
sql injection
database compromise
CVSS3
9.8
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
AI Score
10
Confidence
High
EPSS
0.001
Percentile
39.4%
The query functionality of WinMatrix3 Web package from Simopro Technology lacks proper validation of user input, allowing unauthenticated remote attackers to inject SQL commands to read, modify, and delete database contents.
Affected configurations
Node
simopro_technologywinmatrix3Range≤1.2.35.3
| Vendor | Product | Version | CPE |
|---|---|---|---|
| simopro_technology | winmatrix3 | * | cpe:2.3:a:simopro_technology:winmatrix3:*:*:*:*:*:*:*:* |
CNA Affected
[
{
"defaultStatus": "unaffected",
"packageName": "Web",
"product": "WinMatrix3",
"vendor": "Simopro Technology",
"versions": [
{
"lessThanOrEqual": "1.2.35.3",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
]Related
vulnrichment
vulnrichment
CVE-2024-7202 Simopro Technology WinMatrix3 Web package - SQL Injection
2024-07-29 03:11:27
nvd
nvd
CVE-2024-7202
2024-07-29 04:15:02
cvelist
cvelist
CVE-2024-7202 Simopro Technology WinMatrix3 Web package - SQL Injection
2024-07-29 03:11:27
CVSS3
9.8
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
AI Score
10
Confidence
High
EPSS
0.001
Percentile
39.4%
Related for CVE-2024-7202