CVE-2024-9972

Description

Property Management System from ChanGate has a SQL Injection vulnerability, allowing unauthenticated remote attackers to inject arbitrary SQL commands to read, modify, and delete database contents.

CVSS breakdown

CVSS 3.1

Attack Vector

Network

Attack Complexity

Low

Privileges Required

None

User Interaction

None

Scope

Unchanged

Confidentiality

High

Integrity

High

Availability

High

Affected products

ChanGate / Property Management System0 – 0

References

MISChttps://www.twcert.org.tw/tw/cp-132-8140-ee91e-1.html
MISChttps://www.twcert.org.tw/en/cp-139-8141-9b045-2.html
MISChttps://www.chtsecurity.com/news/8585c924-4a27-4337-bb44-684adc206432
MISChttps://www.chtsecurity.com/news/4552fc54-18af-4c18-972d-394a68e44a39