Description

The specific query functionality in the FlowMaster BPM Plus from NewType does not properly restrict user input, allowing remote attackers with regular privileges to inject SQL commands to read, modify, or delete database contents.

Related CPE's

a

newtype

flowmaster_bpm_plus

Vulnerable

References

https://www.twcert.org.tw/en/cp-139-8139-4daab-2.html

Third Party Advisory

https://www.twcert.org.tw/tw/cp-132-8138-d2bb7-1.html

Third Party Advisory

Weaknesses

[email protected]

Secondary
CWE-89

CVSS impact metrics

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

8.8 · High

Information

Source identifier

[email protected]

Vulnerability status

Analyzed

Published

2024-10-15T02:15:05.080Z

1 year ago

Last modified

2024-10-17T18:34:30.257Z

1 year ago