SQL injection vulnerability in TAI Smart Factory's QPLANT SF version 1.0. Exploitation of this vulnerability could allow a remote attacker to retrieve all database information by sending a specially crafted SQL query to the ‘email’ parameter on the ‘RequestPasswordChange’ endpoint.
References
Link | Resource |
---|---|
https://incibe.es/en/incibe-cert/notices/aviso-sci/sql-injection-qplant-tai-smart-factory | Third Party Advisory |
Configurations
History
17 Oct 2024, 18:09
Type | Values Removed | Values Added |
---|---|---|
First Time |
Taismartfactory
Taismartfactory qplant Sf |
|
References | () https://incibe.es/en/incibe-cert/notices/aviso-sci/sql-injection-qplant-tai-smart-factory - Third Party Advisory | |
CPE | cpe:2.3:a:taismartfactory:qplant_sf:1.0:*:*:*:*:*:*:* |
15 Oct 2024, 12:57
Type | Values Removed | Values Added |
---|---|---|
Summary |
|
15 Oct 2024, 09:15
Type | Values Removed | Values Added |
---|---|---|
New CVE |
Information
Published : 2024-10-15 09:15
Updated : 2024-10-17 18:09
NVD link : CVE-2024-9925
Mitre link : CVE-2024-9925
CVE.ORG link : CVE-2024-9925
JSON object : View
Products Affected
taismartfactory
- qplant_sf
CWE
CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')