CVE-2024-38889

An issue in Horizon Business Services Inc. Caterease 16.0.1.1663 through 24.0.1.2405 and possibly later versions, allows a remote attacker to perform SQL Injection due to improper neutralization of special elements used in an SQL command.
Configurations

Configuration 1 (hide)

cpe:2.3:a:horizoncloud:caterease:*:*:*:*:*:*:*:*

History

10 Sep 2024, 16:38

Type Values Removed Values Added
First Time Horizoncloud
Horizoncloud caterease
CVSS v2 : unknown
v3 : 9.6
v2 : unknown
v3 : 9.8
CWE CWE-89
CPE cpe:2.3:a:horizoncloud:caterease:*:*:*:*:*:*:*:*
References () http://caterease.com - () http://caterease.com - Product
References () http://horizon.com - () http://horizon.com - Product
References () https://packetstormsecurity.com/files/179892/Caterease-Software-SQL-Injection-Command-Injection-Bypass.html - () https://packetstormsecurity.com/files/179892/Caterease-Software-SQL-Injection-Command-Injection-Bypass.html - Third Party Advisory
References () https://vuldb.com/?id.273373 - () https://vuldb.com/?id.273373 - VDB Entry

08 Aug 2024, 15:35

Type Values Removed Values Added
CVSS v2 : unknown
v3 : unknown
v2 : unknown
v3 : 9.6
CWE CWE-78

07 Aug 2024, 16:15

Type Values Removed Values Added
References
  • () https://packetstormsecurity.com/files/179892/Caterease-Software-SQL-Injection-Command-Injection-Bypass.html -

05 Aug 2024, 12:41

Type Values Removed Values Added
Summary
  • (es) Un problema en Horizon Business Services Inc. Caterease 16.0.1.1663 hasta 24.0.1.2405 y posiblemente versiones posteriores, permite a un atacante remoto realizar una inyección SQL debido a una neutralización inadecuada de elementos especiales utilizados en un comando SQL.

02 Aug 2024, 20:17

Type Values Removed Values Added
New CVE

Information

Published : 2024-08-02 20:17

Updated : 2024-09-10 16:38


NVD link : CVE-2024-38889

Mitre link : CVE-2024-38889

CVE.ORG link : CVE-2024-38889


JSON object : View

Products Affected

horizoncloud

  • caterease
CWE
CWE-89

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')

CWE-78

Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')