CVE Details: CVE-2024-9980

Description

The ee-class from FormosaSoft does not properly validate a specific page parameter, allowing remote attackers with regular privileges to inject arbitrary SQL commands to read, modify and delete database contents.

Published Date: 2024-10-15
Last Modified Date: 2024-10-15
Severity: HIGH
CVSS v3 Score: 8.8
CWE ID: CWE-89
Attack Vector: NETWORK
Attack Complexity: LOW
Privileges Required: LOW
User Interaction: NONE
Scope: UNCHANGED
Confidentiality Impact: HIGH
Integrity Impact: HIGH
Availability Impact: HIGH

Back to CVE List