CVE-2024-9925
CVSS 3.1 Score 9.8 of 10 (high)
Details
Summary
CVE-2024-9925 is a critical SQL injection vulnerability in TAI Smart Factory's QPLANT SF version 1.0. A remote attacker can retrieve all database information by sending a crafted SQL query in the 'email' parameter of the 'RequestPasswordChange' endpoint. Version 1.0 of QPLANT SF is affected; the flaw can compromise both the confidentiality and the integrity of data, and it carries a CVSS base score of 9.8, indicating high severity. Exploitation requires no privileges and no user interaction, which raises the threat level for organizations using this product. Remediation should involve patching the software or implementing input validation measures to mitigate the risk of SQL injection attacks. Organizations are advised to act promptly to protect sensitive information from unauthorized access and to maintain data integrity.
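The mitigation described above, sketched as an added example for a password-change request handler; this is not QPLANT SF code. The schema, function names, reply text and SQLite backend are assumptions, since the advisory does not describe the product's internals. It shows the e-mail value bound as a query parameter, with format validation as a second layer.

```python
import re
import sqlite3

# Hypothetical schema and names; the advisory does not describe QPLANT SF internals.
EMAIL_RE = re.compile(r"[A-Za-z0-9._%+-]{1,64}@[A-Za-z0-9.-]{1,255}\.[A-Za-z]{2,}")
GENERIC_REPLY = "If the address is registered, a reset link has been sent."

def make_db():
    """In-memory database with constructed sample rows."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE users (id INTEGER PRIMARY KEY, email TEXT UNIQUE)")
    db.executemany("INSERT INTO users (email) VALUES (?)",
                   [("alice@example.com",), ("bob@example.com",)])
    return db

def find_user_id(db, email):
    """Look up a user by e-mail with a bound parameter.

    The value travels separately from the SQL text, so quotes or SQL
    keywords inside it are compared as data and never parsed as SQL.
    """
    row = db.execute("SELECT id FROM users WHERE email = ?", (email,)).fetchone()
    return row[0] if row else None

def request_password_change(db, email):
    """Handle a reset request; returns (reply, user_id or None).

    Validation is defence in depth; the bound parameter is the actual fix.
    The reply is identical in every case, so it does not reveal whether an
    address exists or whether the input was rejected.
    """
    if not isinstance(email, str) or not EMAIL_RE.fullmatch(email):
        return GENERIC_REPLY, None
    return GENERIC_REPLY, find_user_id(db, email)

if __name__ == "__main__":
    db = make_db()
    # Constructed inputs: one valid address, one containing SQL metacharacters.
    for value in ("alice@example.com", "x' OR '1'='1"):
        print(repr(value), "->", request_password_change(db, value)[1])
```

Calling `find_user_id` directly with the metacharacter string still returns no row, which shows that parameter binding, not the format check, is what keeps the input out of the SQL grammar.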