← Volver a CVEs
CVE-2024-52335
CRITICAL9.8
Descripcion
A vulnerability has been identified in syngo.plaza VB30E (All versions < VB30E_HF05). The affected application do not properly sanitize input data before sending it to the SQL server. This could allow an attacker with access to the application could use this vulnerability to execute malicious SQL commands to compromise the whole database.
Detalles CVE
Puntuacion CVSS v3.19.8
SeveridadCRITICAL
Vector CVSSCVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Vector de ataqueNETWORK
ComplejidadLOW
Privilegios requeridosNONE
Interaccion usuarioNONE
Publicado12/6/2024
Ultima modificacion12/6/2024
Fuentenvd
Avistamientos honeypot0
Debilidades (CWE)
CWE-89
Referencias
https://www.siemens-healthineers.com/en-us/support-documentation/cybersecurity/shsa-160244(productcert@siemens.com)
Correlaciones IOC
Sin correlaciones registradas
This product uses data from the NVD API but is not endorsed or certified by the NVD.