SQL Injection Vulnerability in Yonyou TurboCRM Affects Sensitive Data Security
CVE-2021-41746
7.5HIGH
What is CVE-2021-41746?
A SQL Injection vulnerability has been identified in Yonyou TurboCRM, allowing attackers to exploit the 'orgcode' parameter in the 'changepswd.php' file. This security flaw could enable unauthorized access to sensitive database information, raising concerns about data integrity and confidentiality. Proper remediation is critical to safeguard against potential exploitation and protect valuable data assets.
References
CVSS V3.1
Score:
7.5
Severity:
HIGH
Confidentiality:
High
Integrity:
None
Availability:
High
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
None
Scope:
Unchanged
Timeline
Vulnerability published
Vulnerability Reserved