SQL Injection Vulnerability in ERP Product by Unknown Vendor
CVE-2024-42564

Currently unrated

Key Information:

Vendor: Unknown Vendor
Status: ERP
Vendor: CVE Published:; 20 August 2024

🔔 Create Unknown Vendor Vulnerability Alert

What is CVE-2024-42564?

A vulnerability has been identified in an ERP product that allows an SQL injection attack through the id parameter within the URL '/index.php/basedata/inventory/delete?action=delete'. This flaw could enable malicious actors to manipulate database queries, thereby compromising sensitive data and potentially leading to unauthorized access to system functionalities.

References

https://gist.github.com/topsky979/8ccda41cac32fe781b89c6c...

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Aug 20, 2024
Vulnerability Reserved
Aug 5, 2024