CVE-2024-26264
EBM Technologies RISWEB - SQL Injection
Vexday Risk Score
28Bajo
Decisión SSVC (CISA)
Track
Sin señal de explotación → monitorear
CVSS 9.8EPSS 0.8%KEV nãoPoC —Nuclei —Metasploit —Patch —
Ciclo de vida
15 feb 2024Publicada en NVD
Recomendación: Monitorear — sin señal de explotación por ahora.
EBM Technologies RISWEB's specific query function parameter does not properly restrict user input, and this feature page is accessible without login. This allows remote attackers to inject SQL commands without authentication, enabling them to read, modify, and delete database records.
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Productos afectados
EBM Technologies · RISWEB