mirror of
https://github.com/CVEProject/cvelist.git
synced 2025-06-19 17:32:41 +00:00
108 lines
3.5 KiB
JSON
108 lines
3.5 KiB
JSON
{
|
|
"data_version": "4.0",
|
|
"data_type": "CVE",
|
|
"data_format": "MITRE",
|
|
"CVE_data_meta": {
|
|
"ID": "CVE-2024-7201",
|
|
"ASSIGNER": "cve@cert.org.tw",
|
|
"STATE": "PUBLIC"
|
|
},
|
|
"description": {
|
|
"description_data": [
|
|
{
|
|
"lang": "eng",
|
|
"value": "The login functionality of WinMatrix3 Web package from Simopro Technology lacks proper validation of user input, allowing unauthenticated remote attackers to inject SQL commands to read, modify, and delete database contents."
|
|
}
|
|
]
|
|
},
|
|
"problemtype": {
|
|
"problemtype_data": [
|
|
{
|
|
"description": [
|
|
{
|
|
"lang": "eng",
|
|
"value": "CWE-89 Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')",
|
|
"cweId": "CWE-89"
|
|
}
|
|
]
|
|
}
|
|
]
|
|
},
|
|
"affects": {
|
|
"vendor": {
|
|
"vendor_data": [
|
|
{
|
|
"vendor_name": "Simopro Technology",
|
|
"product": {
|
|
"product_data": [
|
|
{
|
|
"product_name": "WinMatrix3",
|
|
"version": {
|
|
"version_data": [
|
|
{
|
|
"version_affected": "<=",
|
|
"version_name": "0",
|
|
"version_value": "1.2.33.3"
|
|
}
|
|
]
|
|
}
|
|
}
|
|
]
|
|
}
|
|
}
|
|
]
|
|
}
|
|
},
|
|
"references": {
|
|
"reference_data": [
|
|
{
|
|
"url": "https://www.twcert.org.tw/tw/cp-132-7960-0ee18-1.html",
|
|
"refsource": "MISC",
|
|
"name": "https://www.twcert.org.tw/tw/cp-132-7960-0ee18-1.html"
|
|
},
|
|
{
|
|
"url": "https://www.twcert.org.tw/en/cp-139-7961-c575f-2.html",
|
|
"refsource": "MISC",
|
|
"name": "https://www.twcert.org.tw/en/cp-139-7961-c575f-2.html"
|
|
}
|
|
]
|
|
},
|
|
"generator": {
|
|
"engine": "Vulnogram 0.2.0"
|
|
},
|
|
"source": {
|
|
"advisory": "TVN-202407012",
|
|
"discovery": "EXTERNAL"
|
|
},
|
|
"solution": [
|
|
{
|
|
"lang": "en",
|
|
"supportingMedia": [
|
|
{
|
|
"base64": false,
|
|
"type": "text/html",
|
|
"value": "Update WinMatrix3 Web package to 1.2.35.3 or later version."
|
|
}
|
|
],
|
|
"value": "Update WinMatrix3 Web package to 1.2.35.3 or later version."
|
|
}
|
|
],
|
|
"impact": {
|
|
"cvss": [
|
|
{
|
|
"attackComplexity": "LOW",
|
|
"attackVector": "NETWORK",
|
|
"availabilityImpact": "HIGH",
|
|
"baseScore": 9.8,
|
|
"baseSeverity": "CRITICAL",
|
|
"confidentialityImpact": "HIGH",
|
|
"integrityImpact": "HIGH",
|
|
"privilegesRequired": "NONE",
|
|
"scope": "UNCHANGED",
|
|
"userInteraction": "NONE",
|
|
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
|
|
"version": "3.1"
|
|
}
|
|
]
|
|
}
|
|
} |