go to Content
:::

TWCERT/CC Taiwan Computer Emergency Response Team/Coordination Center

:::
Date:
Font-stze:

Gether Technology 6SHR System - SQL Injection

TVN ID TVN-202408009
CVE ID CVE-2024-8329
CVSS 8.8 (High)
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Affected Products 6SHR System for all version.
Description 6SHR system from Gether Technology does not properly validate the specific page parameter, allowing remote attackers with regular privilege to inject SQL command to read, modify, and delete database contents.
Solution Contact the vendor for mitigation.
Credit Loki Huang, Eunice Lin,Mike Huang(安華聯網科技股份有限公司)
Public Date 2024-08-30
Top