SQL Injection Vulnerability in Znuny LTS and Znuny Versions
CVE-2024-32493
8.8HIGH
What is CVE-2024-32493?
A security weakness exists in Znuny LTS and Znuny products due to improper handling of the draft form ID parameter in AJAX requests. This vulnerability allows authenticated agents to craft malicious SQL queries, which may lead to unauthorized data access or manipulation. Systems using affected versions should prioritize applying relevant patches and reviewing security measures to mitigate potential exploitation risks.