WebEIP v3.0 from
NewType does not properly validate user input, allowing remote attackers with regular privilege to inject SQL commands to read, modify, and delete data stored in database. The affected product is no longer maintained. It is recommended to upgrade to the new product.
References
Link | Resource |
---|---|
https://www.twcert.org.tw/en/cp-139-8133-2cc3a-2.html | Third Party Advisory |
https://www.twcert.org.tw/tw/cp-132-8132-160bb-1.html | Third Party Advisory |
Configurations
History
19 Oct 2024, 00:42
Type | Values Removed | Values Added |
---|---|---|
First Time |
Newtype
Newtype webeip |
|
References | () https://www.twcert.org.tw/en/cp-139-8133-2cc3a-2.html - Third Party Advisory | |
References | () https://www.twcert.org.tw/tw/cp-132-8132-160bb-1.html - Third Party Advisory | |
CPE | cpe:2.3:a:newtype:webeip:3.0:*:*:*:*:*:*:* |
15 Oct 2024, 12:57
Type | Values Removed | Values Added |
---|---|---|
Summary |
|
15 Oct 2024, 03:15
Type | Values Removed | Values Added |
---|---|---|
New CVE |
Information
Published : 2024-10-15 03:15
Updated : 2024-10-19 00:42
NVD link : CVE-2024-9968
Mitre link : CVE-2024-9968
CVE.ORG link : CVE-2024-9968
JSON object : View
Products Affected
newtype
- webeip
CWE
CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')