Lucene search

TwcertVULNRICHMENT:CVE-2024-6743

HistoryJul 15, 2024 - 6:07 a.m.

CVE-2024-6743 AguardNet Space Management System - SQL injection

2024-07-1506:07:46

CWE-89

twcert

github.com

aguardnet

space management system

sql injection

vulnerability

unauthenticated

remote attackers

database contents.

CVSS3

9.8

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

AI Score

8.3

Confidence

Low

SSVC

Exploitation

none

Automatable

yes

Technical Impact

total

JSON

AguardNet’s Space Management System does not properly validate user input, allowing unauthenticated remote attackers to inject arbitrary SQL commands to read, modify, and delete database contents.

ADP Affected

[
  {
    "cpes": [
      "cpe:2.3:a:aguardnet:space_management_system:*:*:*:*:*:*:*:*"
    ],
    "vendor": "aguardnet",
    "product": "space_management_system",
    "versions": [
      {
        "status": "affected",
        "version": "0",
        "lessThan": "2024-04-09-3302",
        "versionType": "custom"
      }
    ],
    "defaultStatus": "unknown"
  }
]

References

www.twcert.org.tw/en/cp-139-7933-9a38d-2.html

www.twcert.org.tw/tw/cp-132-7932-a6d4d-1.html

CVSS3

9.8

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

AI Score

8.3

Confidence

Low

SSVC

Exploitation

none

Automatable

yes

Technical Impact

total

JSON

Related for VULNRICHMENT:CVE-2024-6743