CVE-2024-7201

{"id": "CVE-2024-7201", "cveTags": [], "metrics": {"cvssMetricV31": [{"type": "Primary", "source": "twcert@cert.org.tw", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 9.8, "attackVector": "NETWORK", "baseSeverity": "CRITICAL", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}, "impactScore": 5.9, "exploitabilityScore": 3.9}]}, "published": "2024-07-29T03:15:03.267", "references": [{"url": "https://www.twcert.org.tw/en/cp-139-7961-c575f-2.html", "tags": ["Third Party Advisory"], "source": "twcert@cert.org.tw"}, {"url": "https://www.twcert.org.tw/tw/cp-132-7960-0ee18-1.html", "tags": ["Third Party Advisory"], "source": "twcert@cert.org.tw"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Primary", "source": "twcert@cert.org.tw", "description": [{"lang": "en", "value": "CWE-89"}]}], "descriptions": [{"lang": "en", "value": "The login functionality of WinMatrix3 Web package from Simopro Technology lacks proper validation of user input, allowing unauthenticated remote attackers to inject SQL commands to read, modify, and delete database contents."}, {"lang": "es", "value": " La funcionalidad de inicio de sesi\u00f3n del paquete web WinMatrix3 de Simopro Technology carece de una validaci\u00f3n adecuada de la entrada del usuario, lo que permite a atacantes remotos no autenticados inyectar comandos SQL para leer, modificar y eliminar contenidos de la base de datos."}], "lastModified": "2024-09-10T21:16:34.543", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:simopro_technology:winmatrix3:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "3E12AD4D-BB78-48B4-AF50-5A4E0109E4A6", "versionEndIncluding": "1.2.33.3"}], "operator": "OR"}]}], "sourceIdentifier": "twcert@cert.org.tw"}