Lucene search

[email protected]NVD:CVE-2024-6743

HistoryJul 15, 2024 - 7:15 a.m.

CVE-2024-6743

2024-07-1507:15:25

CWE-89

[email protected]

web.nvd.nist.gov

aguardnet

sql injection

database security

remote attackers

CVSS3

9.8

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

EPSS

0.001

Percentile

39.4%

JSON

AguardNet’s Space Management System does not properly validate user input, allowing unauthenticated remote attackers to inject arbitrary SQL commands to read, modify, and delete database contents.

Affected configurations

Nvd

Node

space_management_system_projectspace_management_systemRange<2024-04-09-3302

space_management_system_projectspace_management_systemMatch2024-04-09-3302

VendorProductVersionCPE
space_management_system_projectspace_management_system*cpe:2.3:a:space_management_system_project:space_management_system:*:*:*:*:*:*:*:*
space_management_system_projectspace_management_system2024-04-09-3302cpe:2.3:a:space_management_system_project:space_management_system:2024-04-09-3302:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
space_management_system_project	space_management_system	*	cpe:2.3:a:space_management_system_project:space_management_system::::::::
space_management_system_project	space_management_system	2024-04-09-3302	cpe:2.3:a:space_management_system_project:space_management_system:2024-04-09-3302:::::::*

References

www.twcert.org.tw/en/cp-139-7933-9a38d-2.html

www.twcert.org.tw/tw/cp-132-7932-a6d4d-1.html

CVSS3

9.8

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

EPSS

0.001

Percentile

39.4%

JSON

Related for NVD:CVE-2024-6743

vulnrichment1 cvelist1 cve1