CVE-2024-29732

CVSS V2 None CVSS V3 None

Description

A SQL Injection has been found on SCAN_VISIO eDocument Suite Web Viewer of Abast. This vulnerability allows an unauthenticated user to retrieve, update and delete all the information of database. This vulnerability was found on login page via "user" parameter.

Overview

CVE ID
CVE-2024-29732

Assigner
INCIBE

Vulnerability Status
PUBLISHED

Published Version
2024-03-21T10:37:08.440Z

Last Modified Date
2024-03-21T10:37:42.062Z

Weakness Enumerations

CWE	URL
CWE-89	http://cwe.mitre.org/data/definitions/89.html

References

Reference URL	Reference Tags
https://www.incibe.es/en/incibe-cert/notices/aviso/sql-injection-vulnerability-scanvisio-edocument-suite-web-viewer-abast

Sources

Source Name	Source URL
NIST	https://nvd.nist.gov/vuln/detail/CVE-2024-29732
MITRE	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-29732

History

Created	Old Value	New Value	Data Type	Notes
2024-06-26 02:32:51				Added to TrackCVE