TAI Smart Factory SQL Injection Vulnerability
CVE-2024-9925

9.8CRITICAL

Key Information:

Vendor: Tai Smart Factory
Status: Qplant Sf
Vendor: CVE Published:; 15 October 2024

Summary

An SQL injection vulnerability has been identified in TAI Smart Factory's QPLANT SF version 1.0. This vulnerability permits a remote attacker to exploit the 'email' parameter within the 'RequestPasswordChange' endpoint by sending a carefully crafted SQL query. Successful exploitation could enable the attacker to retrieve sensitive information stored in the database, potentially compromising system integrity and confidentiality.

Affected Version(s)

QPLANT SF 1.0

References

https://incibe.es/en/incibe-cert/notices/aviso-sci/sql-in...

CVSS V3.1

Score:

9.8

Severity:

CRITICAL

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Oct 15, 2024
Vulnerability Reserved
Oct 14, 2024

Collectors

NVD DatabaseMitre Database

Credit

Adrián Marín Villar