CVE-2024-3373

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in RSM Design Website Template allows SQL Injection.This issue affects Website Template: before 1.2.

CVSS

No CVSS.

References

Link	Resource
https://www.usom.gov.tr/bildirim/tr-24-1563

Configurations

No configuration.

History

30 Sep 2024, 12:45

Type	Values Removed	Values Added
Summary		(es) La vulnerabilidad de neutralización incorrecta de elementos especiales utilizados en un comando SQL ('Inyección SQL') en RSM Design Website Template permite la inyección SQL. Este problema afecta a Website Template: anterior a 1.2.

27 Sep 2024, 15:15

Type	Values Removed	Values Added
New CVE

Information

Published : 2024-09-27 15:15

Updated : 2024-09-30 12:45

NVD link : CVE-2024-3373

Mitre link : CVE-2024-3373

CVE.ORG link : CVE-2024-3373

JSON object : View

Products Affected

No product.

CWE

CWE-89

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')

{"id": "CVE-2024-3373", "cveTags": [], "metrics": {"cvssMetricV40": [{"type": "Secondary", "source": "iletisim@usom.gov.tr", "cvssData": {"safety": "NOT_DEFINED", "version": "4.0", "recovery": "NOT_DEFINED", "baseScore": 9.2, "automatable": "NOT_DEFINED", "attackVector": "NETWORK", "baseSeverity": "CRITICAL", "valueDensity": "NOT_DEFINED", "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:L/VA:N/SC:H/SI:L/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", "exploitMaturity": "NOT_DEFINED", "providerUrgency": "NOT_DEFINED", "userInteraction": "NONE", "attackComplexity": "LOW", "attackRequirements": "NONE", "privilegesRequired": "NONE", "modifiedAttackVector": "NOT_DEFINED", "integrityRequirements": "NOT_DEFINED", "modifiedUserInteraction": "NOT_DEFINED", "availabilityRequirements": "NOT_DEFINED", "modifiedAttackComplexity": "NOT_DEFINED", "subsequentSystemIntegrity": "LOW", "vulnerableSystemIntegrity": "LOW", "modifiedAttackRequirements": "NOT_DEFINED", "modifiedPrivilegesRequired": "NOT_DEFINED", "confidentialityRequirements": "NOT_DEFINED", "vulnerabilityResponseEffort": "NOT_DEFINED", "subsequentSystemAvailability": "NONE", "vulnerableSystemAvailability": "NONE", "subsequentSystemConfidentiality": "HIGH", "vulnerableSystemConfidentiality": "HIGH", "modifiedSubsequentSystemIntegrity": "NOT_DEFINED", "modifiedVulnerableSystemIntegrity": "NOT_DEFINED", "modifiedSubsequentSystemAvailability": "NOT_DEFINED", "modifiedVulnerableSystemAvailability": "NOT_DEFINED", "modifiedSubsequentSystemConfidentiality": "NOT_DEFINED", "modifiedVulnerableSystemConfidentiality": "NOT_DEFINED"}}]}, "published": "2024-09-27T15:15:14.577", "references": [{"url": "https://www.usom.gov.tr/bildirim/tr-24-1563", "source": "iletisim@usom.gov.tr"}], "vulnStatus": "Awaiting Analysis", "weaknesses": [{"type": "Primary", "source": "iletisim@usom.gov.tr", "description": [{"lang": "en", "value": "CWE-89"}]}], "descriptions": [{"lang": "en", "value": "Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in RSM Design Website Template allows SQL Injection.This issue affects Website Template: before 1.2."}, {"lang": "es", "value": "La vulnerabilidad de neutralizaci\u00f3n incorrecta de elementos especiales utilizados en un comando SQL ('Inyecci\u00f3n SQL') en RSM Design Website Template permite la inyecci\u00f3n SQL. Este problema afecta a Website Template: anterior a 1.2."}], "lastModified": "2024-09-30T12:45:57.823", "sourceIdentifier": "iletisim@usom.gov.tr"}