Grand Vice info's Webopac vulnerable to SQL Injection
CVE-2024-11020

9.8CRITICAL

Key Information:

Vendor: Grand Vice Info
Status: Webopac7
Vendor: CVE Published:; 11 November 2024

🔔 Create Grand Vice Info Vulnerability Alert

What is CVE-2024-11020?

Webopac, developed by Grand Vice Info, contains a vulnerability that allows unauthenticated remote attackers to execute arbitrary SQL commands through SQL Injection. This vulnerability can lead to unauthorized access to the underlying database, enabling attackers to read, modify, or delete critical data. Organizations using affected versions of Webopac should prioritize the application of security patches and implement additional protective measures to safeguard their database integrity.

Affected Version(s)

Webopac7 6 < 6.5.1

Webopac7 7 < 7.2.3

References

https://www.twcert.org.tw/tw/cp-132-8217-05b42-1.html

third-party-advisory

https://www.twcert.org.tw/en/cp-139-8218-e238b-2.html

third-party-advisory

CVSS V3.1

Score:

9.8

Severity:

CRITICAL

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Nov 11, 2024
Vulnerability Reserved
Nov 8, 2024