← volver
CVE-2024-29732

SQL Injection vulnerability on SCAN_VISIO eDocument Suite Web Viewer from Abast

CVSS 9.8 CRITICALEPSS 0.5%CWE-89
Vexday Risk Score
28Bajo
Decisión SSVC (CISA)
Track
Sin señal de explotación → monitorear
CVSS 9.8EPSS 0.5%KEV nãoPoC Nuclei Metasploit Patch
Ciclo de vida
21 mar 2024Publicada en NVD
Recomendación: Monitorear — sin señal de explotación por ahora.
A SQL Injection has been found on SCAN_VISIO eDocument Suite Web Viewer of Abast. This vulnerability allows an unauthenticated user to retrieve, update and delete all the information of database. This vulnerability was found on login page via "user" parameter.
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H