TWCERT/CC Taiwan Computer Emergency Response Team/Coordination Center

SECOM Dr.ID Access control system - SQL injection

TVN ID: TVN-202408005
CVE ID: CVE-2024-7731
CVSS: 9.8 (Critical), CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Affected Products: Dr.ID Access control system before version 3.6.3.
Description: Dr.ID Access Control System from SECOM does not properly validate a specific page parameter, allowing unauthenticated remote attackers to inject SQL commands to read, modify, and delete database contents.
Solution: Update Dr.ID Access Control System to version 3.6.3 or later.
Credit: Linwz (DEVCORE)
Public Date: 2024-08-13