CVE-2024-9925

SQL injection in QPLANT by TAI Smart Factory

Description

SQL injection vulnerability in TAI Smart Factory's QPLANT SF version 1.0. Exploitation of this vulnerability could allow a remote attacker to retrieve all database information by sending a specially crafted SQL query to the ‘email’ parameter on the ‘RequestPasswordChange’ endpoint.

INFO

Published Date :

2024-10-15T08:41:00.321Z

Last Modified :

2024-10-17T11:48:53.608Z

Source :

INCIBE

AFFECTED PRODUCTS

The following products are affected by CVE-2024-9925 vulnerability.

Vendors	Products
Tai Smart Factory	Qplant Sf
Taismartfactory	Qplant Sf

REFERENCES

Here, you will find a curated list of external links that provide in-depth information to CVE-2024-9925.

URL	Resource
https://incibe.es/en/incibe-cert/notices/aviso-sci/sql-injection-qplant-tai-smart-factory

CVSS Vulnerability Scoring System

V3.1

Detailed values of each vector for above chart.

Attack Vector

Attack Complexity

Privileges Required

User Interaction

Scope

Confidentiality Impact

Integrity Impact

Availability Impact