CVE-2024-9925

SQL injection vulnerability in TAI Smart Factory's QPLANT SF version 1.0. Exploitation of this vulnerability could allow a remote attacker to retrieve all database information by sending a specially crafted SQL query to the ‘email’ parameter on the ‘RequestPasswordChange’ endpoint.
Configurations

Configuration 1

cpe:2.3:a:taismartfactory:qplant_sf:1.0:*:*:*:*:*:*:*

History

17 Oct 2024, 18:09

Type | Values Removed | Values Added
First Time | | Taismartfactory; Taismartfactory qplant Sf
References | () https://incibe.es/en/incibe-cert/notices/aviso-sci/sql-injection-qplant-tai-smart-factory - | () https://incibe.es/en/incibe-cert/notices/aviso-sci/sql-injection-qplant-tai-smart-factory - Third Party Advisory
CPE | | cpe:2.3:a:taismartfactory:qplant_sf:1.0:*:*:*:*:*:*:*

15 Oct 2024, 12:57

Type | Values Removed | Values Added
Summary | | (es) SQL injection vulnerability in version 1.0 of TAI Smart Factory's QPLANT SF. Exploitation of this vulnerability could allow a remote attacker to retrieve all database information by sending a specially crafted SQL query to the 'email' parameter on the 'RequestPasswordChange' endpoint.

15 Oct 2024, 09:15

Type | Values Removed | Values Added
New CVE | |

Information

Published : 2024-10-15 09:15

Updated : 2024-10-17 18:09


NVD link : CVE-2024-9925

Mitre link : CVE-2024-9925

CVE.ORG link : CVE-2024-9925


Products Affected

taismartfactory

  • qplant_sf
CWE
CWE-89

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')