Firmanet Software ERP vulnerable to SQL Injection through 2024
CVE-2024-7837
8.2HIGH
Key Information:
- Vendor
- Firmanet Software
- Status
- Erp
- Vendor
- CVE Published:
- 22 November 2024
Summary
An SQL Injection vulnerability in Firmanet Software ERP has been identified, allowing attackers to send malicious SQL statements that can manipulate or exploit the database. This vulnerability compromises data integrity and poses significant risks to application security. Despite efforts to contact Firmanet Software regarding this issue, no response was received. Organizations using the affected ERP versions should take immediate action to mitigate potential exploitation of this vulnerability.
Affected Version(s)
ERP 0 <= 22.11.2024
References
CVSS V3.1
Score:
8.2
Severity:
HIGH
Confidentiality:
High
Integrity:
Low
Availability:
High
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
None
Scope:
Unchanged
Timeline
Vulnerability published
Vulnerability Reserved
Credit
Omer Fatih YEGIN