Firmanet Software ERP vulnerable to SQL Injection through 2024
CVE-2024-7837

8.2HIGH

Key Information:

Vendor: Firmanet Software
Status: Erp
Vendor: CVE Published:; 22 November 2024

🔔 Create Firmanet Software Vulnerability Alert

What is CVE-2024-7837?

An SQL Injection vulnerability in Firmanet Software ERP has been identified, allowing attackers to send malicious SQL statements that can manipulate or exploit the database. This vulnerability compromises data integrity and poses significant risks to application security. Despite efforts to contact Firmanet Software regarding this issue, no response was received. Organizations using the affected ERP versions should take immediate action to mitigate potential exploitation of this vulnerability.

Affected Version(s)

ERP 0 <= 22.11.2024

References

https://www.usom.gov.tr/bildirim/tr-24-1868

CVSS V3.1

Score:

8.2

Severity:

HIGH

Confidentiality:

High

Integrity:

Low

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Nov 22, 2024
Vulnerability Reserved
Aug 15, 2024

Credit

Omer Fatih YEGIN