CVE-2024-9968

high

Description

WebEIP v3.0 from NewType does not properly validate user input, allowing remote attackers with regular privilege to inject SQL commands to read, modify, and delete data stored in database. The affected product is no longer maintained. It is recommended to upgrade to the new product.

References

Advisories

https://www.twcert.org.tw/tw/cp-132-8132-160bb-1.html

https://www.twcert.org.tw/en/cp-139-8133-2cc3a-2.html

Details

Source: Mitre, NVD

Published: 2024-10-15

Updated: 2024-10-19

Risk Information

CVSS v2

Base Score: 9

Vector: CVSS2#AV:N/AC:L/Au:S/C:C/I:C/A:C

Severity: High

CVSS v3

Base Score: 8.8

Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Severity: High

EPSS

EPSS: 0.00382