cve/2024/CVE-2024-8329.md

### [CVE-2024-8329](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-8329)
![](https://img.shields.io/static/v1?label=Product&message=6SHR%20System&color=blue)
![](https://img.shields.io/static/v1?label=Version&message=%3D%200%20&color=brighgreen)
![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-89%20Improper%20Neutralization%20of%20Special%20Elements%20used%20in%20an%20SQL%20Command%20('SQL%20Injection')&color=brighgreen)

### Description

6SHR system from Gether Technology does not properly validate the specific page parameter, allowing remote attackers with regular privilege to inject SQL command to read, modify, and delete database contents.

### POC

#### Reference
No PoCs from references.

#### Github
- https://github.com/fkie-cad/nvd-json-data-feeds
Update CVE sources 2024-08-30 20:52 2024-08-30 20:52:42 +00:00			`### [CVE-2024-8329](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-8329)`
			`![](https://img.shields.io/static/v1?label=Product&message=6SHR%20System&color=blue)`
			`![](https://img.shields.io/static/v1?label=Version&message=%3D%200%20&color=brighgreen)`
			`![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-89%20Improper%20Neutralization%20of%20Special%20Elements%20used%20in%20an%20SQL%20Command%20('SQL%20Injection')&color=brighgreen)`

			`### Description`

			`6SHR system from Gether Technology does not properly validate the specific page parameter, allowing remote attackers with regular privilege to inject SQL command to read, modify, and delete database contents.`

			`### POC`

			`#### Reference`
			`No PoCs from references.`

			`#### Github`
			`- https://github.com/fkie-cad/nvd-json-data-feeds`