| |
Vulnerability CVE-2024-9925
Published: 2024-10-15
| Description: |
SQL injection vulnerability in TAI Smart Factory's QPLANT SF version 1.0. Exploitation of this vulnerability could allow a remote attacker to retrieve all database information by sending a specially crafted SQL query to the ??email?? parameter on the ??RequestPasswordChange?? endpoint. |
Type:
CWE-89 (Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection'))
References: |
https://incibe.es/en/incibe-cert/notices/aviso-sci/sql-injection-qplant-tai-smart-factory
|
|
|
Copyright 2024, cxsecurity.com
|
|
|
