Lucene search

TR-CERTVULNRICHMENT:CVE-2024-6919

HistorySep 02, 2024 - 12:25 p.m.

CVE-2024-6919 SQLi in NAC Telecommunication's NACPremium

2024-09-0212:25:47

CWE-89

TR-CERT

github.com

cve-2024-6919

sql injection

nac telecommunication's nacpremium

nac telecommunication systems inc.

CVSS4

9.3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/SC:N/VI:H/SI:N/VA:N/SA:N/AU:Y/R:U/V:C/RE:L

AI Score

7.7

Confidence

Low

EPSS

0.001

Percentile

39.6%

SSVC

Exploitation

none

Automatable

yes

Technical Impact

total

JSON

Improper Neutralization of Special Elements used in an SQL Command (‘SQL Injection’) vulnerability in NAC Telecommunication Systems Inc. NACPremium allows Blind SQL Injection.This issue affects NACPremium: through 01082024.

ADP Affected

[
  {
    "cpes": [
      "cpe:2.3:a:nac_telecommunication_systems:nacpremium:*:*:*:*:*:*:*:*"
    ],
    "vendor": "nac_telecommunication_systems",
    "product": "nacpremium",
    "versions": [
      {
        "status": "affected",
        "version": "0",
        "versionType": "custom",
        "lessThanOrEqual": "01082024"
      }
    ],
    "defaultStatus": "unknown"
  }
]

References

www.usom.gov.tr/bildirim/tr-24-1376

CVSS4

9.3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/SC:N/VI:H/SI:N/VA:N/SA:N/AU:Y/R:U/V:C/RE:L

AI Score

7.7

Confidence

Low

EPSS

0.001

Percentile

39.6%

SSVC

Exploitation

none

Automatable

yes

Technical Impact

total

JSON

Related for VULNRICHMENT:CVE-2024-6919