Today > 1 Critical | 6 High | 24 Medium vulnerabilities   -   You can now download lists of IOCs here!

CVE-2024-44756

Nov. 21, 2024, 5:15 p.m.

Tags

cve@mitre.org
CWE-89
2024-11-18
CVE-2024-44756

Product(s) Impacted

NUS-M9 ERP Management Software

  • 3.0.0

Description

NUS-M9 ERP Management Software v3.0.0 was discovered to contain a SQL injection vulnerability via the usercode parameter at /UserWH/checkLogin.

Weaknesses

CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')

The product constructs all or part of an SQL command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended SQL command when it is sent to a downstream component.

CWE ID: 89

Date

Published: Nov. 18, 2024, 5:15 p.m.

Last Modified: Nov. 21, 2024, 5:15 p.m.

Status : Awaiting Analysis

CVE has been recently published to the CVE List and has been received by the NVD.

More info

Source

cve@mitre.org

References

https://github.com/ cve@mitre.org
https://github.com/ cve@mitre.org