FKIE_CVE-2024-7201

Vulnerability from fkie_nvd - Published: 2024-07-29 03:15 - Updated: 2024-11-21 09:51
Severity ?
9.8 (Critical) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Summary
The login functionality of WinMatrix3 Web package from Simopro Technology lacks proper validation of user input, allowing unauthenticated remote attackers to inject SQL commands to read, modify, and delete database contents.
References
twcert@cert.org.twhttps://www.twcert.org.tw/en/cp-139-7961-c575f-2.htmlThird Party Advisory
twcert@cert.org.twhttps://www.twcert.org.tw/tw/cp-132-7960-0ee18-1.htmlThird Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://www.twcert.org.tw/en/cp-139-7961-c575f-2.htmlThird Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://www.twcert.org.tw/tw/cp-132-7960-0ee18-1.htmlThird Party Advisory
Impacted products
Vendor Product Version
simopro_technology winmatrix3 *
To clipboard 

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:simopro_technology:winmatrix3:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "3E12AD4D-BB78-48B4-AF50-5A4E0109E4A6",
              "versionEndIncluding": "1.2.33.3",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "The login functionality of WinMatrix3 Web package from Simopro Technology lacks proper validation of user input, allowing unauthenticated remote attackers to inject SQL commands to read, modify, and delete database contents."
    },
    {
      "lang": "es",
      "value": " La funcionalidad de inicio de sesi\u00f3n del paquete web WinMatrix3 de Simopro Technology carece de una validaci\u00f3n adecuada de la entrada del usuario, lo que permite a atacantes remotos no autenticados inyectar comandos SQL para leer, modificar y eliminar contenidos de la base de datos."
    }
  ],
  "id": "CVE-2024-7201",
  "lastModified": "2024-11-21T09:51:05.037",
  "metrics": {
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "HIGH",
          "baseScore": 9.8,
          "baseSeverity": "CRITICAL",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "HIGH",
          "privilegesRequired": "NONE",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
          "version": "3.1"
        },
        "exploitabilityScore": 3.9,
        "impactScore": 5.9,
        "source": "twcert@cert.org.tw",
        "type": "Secondary"
      }
    ]
  },
  "published": "2024-07-29T03:15:03.267",
  "references": [
    {
      "source": "twcert@cert.org.tw",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://www.twcert.org.tw/en/cp-139-7961-c575f-2.html"
    },
    {
      "source": "twcert@cert.org.tw",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://www.twcert.org.tw/tw/cp-132-7960-0ee18-1.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://www.twcert.org.tw/en/cp-139-7961-c575f-2.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://www.twcert.org.tw/tw/cp-132-7960-0ee18-1.html"
    }
  ],
  "sourceIdentifier": "twcert@cert.org.tw",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-89"
        }
      ],
      "source": "twcert@cert.org.tw",
      "type": "Secondary"
    }
  ]
}


Log in or create an account to share your comment.




Tags
Taxonomy of the tags.




Sightings

Author Source Type Date

Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or observed by the user.
  • Confirmed: The vulnerability has been validated from an analyst's perspective.
  • Published Proof of Concept: A public proof of concept is available for this vulnerability.
  • Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
  • Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
  • Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
  • Not confirmed: The user expressed doubt about the validity of the vulnerability.
  • Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.



Detection rules are retrieved from Rulezet.