CVE-2024-9982

ESi Technology AIM LINE Marketing Platform - SQL Injection

Description

AIM LINE Marketing Platform from Esi Technology does not properly validate a specific query parameter. When the LINE Campaign Module is enabled, unauthenticated remote attackers can inject arbitrary FetchXml commands to read, modify, and delete database content.

INFO

Published Date :

2024-10-15T08:04:36.002Z

Last Modified :

2024-10-15T13:50:03.749Z

Source :

twcert

AFFECTED PRODUCTS

The following products are affected by CVE-2024-9982 vulnerability.

Vendors	Products
Esi Technology	Aim Line Marketing Platform

REFERENCES

Here, you will find a curated list of external links that provide in-depth information to CVE-2024-9982.

URL	Resource
https://www.twcert.org.tw/en/cp-139-8147-eb650-2.html
https://www.twcert.org.tw/tw/cp-132-8146-497a2-1.html

CVSS Vulnerability Scoring System

V3.1

Detailed values of each vector for above chart.

Attack Vector

Attack Complexity

Privileges Required

User Interaction

Scope

Confidentiality Impact

Integrity Impact

Availability Impact