SQL Injection Vulnerability in Sunnet's eHDR CTMS Allows Remote Attackers to Access Database Contents
CVE-2024-10440

9.8CRITICAL

Key Information:

Vendor: Sunnet
Status: Ehrd Ctms
Vendor: CVE Published:; 28 October 2024

What is CVE-2024-10440?

The eHDR CTMS developed by Sunnet has a significant SQL Injection vulnerability that poses a serious risk to its users. This flaw enables unauthenticated remote attackers to inject arbitrary SQL commands into the database, which can lead to unauthorized reading, modification, or even deletion of sensitive data. As organizations increasingly rely on software for data management, the presence of such vulnerabilities underscores the critical need for proper security measures and timely updates to safeguard against potential exploitation.

Affected Version(s)

eHRD CTMS 0 < 10.0

References

https://www.twcert.org.tw/tw/cp-132-8168-02720-1.html

third-party-advisory

https://www.twcert.org.tw/en/cp-139-8169-0632f-2.html

third-party-advisory

CVSS V3.1

Score:

9.8

Severity:

CRITICAL

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Oct 28, 2024
Vulnerability Reserved
Oct 28, 2024

CVE-2024-10440 Data

JSON