### [CVE-2024-29732](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-29732)
![](https://img.shields.io/static/v1?label=Product&message=SCAN_VISIO%20eDocument%20Suite%20Web%20Viewer&color=blue)
![](https://img.shields.io/static/v1?label=Version&message=%3D%203.28.1%20&color=brighgreen)
![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-89%20Improper%20Neutralization%20of%20Special%20Elements%20used%20in%20an%20SQL%20Command%20('SQL%20Injection')&color=brighgreen)

### Description

A SQL Injection has been found on SCAN_VISIO eDocument Suite Web Viewer of Abast. This vulnerability allows an unauthenticated user to retrieve, update and delete all the information of database. This vulnerability was found on login page via "user" parameter.

### POC

#### Reference
No PoCs from references.

#### Github
- https://github.com/NaInSec/CVE-LIST