| |
Vulnerability CVE-2024-9982
Published: 2024-10-15
Description: |
AIM LINE Marketing Platform from Esi Technology does not properly validate a specific query parameter. When the LINE Campaign Module is enabled, unauthenticated remote attackers can inject arbitrary FetchXml commands to read, modify, and delete database content. |
Type:
CWE-89 (Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection'))
References: |
https://www.twcert.org.tw/tw/cp-132-8146-497a2-1.html
https://www.twcert.org.tw/en/cp-139-8147-eb650-2.html
|
|
|
Copyright 2024, cxsecurity.com
|
|
|