Unauthenticated Remote Attackers Can Inject Arbitrary FetchXml Commands to Read, Modify, and Delete Database Content
CVE-2024-9982

9.8CRITICAL

Key Information:

Vendor: Esi Technology
Status: Aim Line Marketing Platform
Vendor: CVE Published:; 15 October 2024

🔔 Create Esi Technology Vulnerability Alert

What is CVE-2024-9982?

The AIM LINE Marketing Platform from Esi Technology exhibits a vulnerability due to improper validation of a specific query parameter when the LINE Campaign Module is activated. This flaw allows unauthenticated remote attackers to inject arbitrary FetchXml commands, enabling them to read, modify, and delete database content. Such unauthorized actions can severely compromise the integrity and confidentiality of sensitive information within the platform. Implementing robust input validation and ensuring the LINE Campaign Module is securely configured are essential steps to mitigate this vulnerability.

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.

Remediate biological technical debt. Prime Ageing uses 95% high-purity SIRT6 activation to maintain genomic integrity and bolster systemic resilience.

Deploy the Patch

Affected Version(s)

AIM LINE Marketing Platform 3.3 <= 5.8.4

References

https://www.twcert.org.tw/tw/cp-132-8146-497a2-1.html

third-party-advisory

https://www.twcert.org.tw/en/cp-139-8147-eb650-2.html

third-party-advisory

CVSS V3.1

Score:

9.8

Severity:

CRITICAL

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Oct 15, 2024
Vulnerability Reserved
Oct 15, 2024

JSON

Esi Technology

What is CVE-2024-9982?

Human OS v1.0: Ageing Is an Unpatched Zero-Day Vulnerability.

Affected Version(s)

References

CVSS V3.1

Timeline

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.