TWCERT/CC Taiwan Computer Emergency Response Team/Coordination Center

FormosaSoft ee-class - SQL Injection

TVN ID: TVN-202410010
CVE ID: CVE-2024-9980
CVSS: 8.8 (High)
CVSS vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Affected Products: ee-class before version 20240326.13r14494
Description: The ee-class from FormosaSoft does not properly validate a specific page parameter, allowing remote attackers with regular privileges to inject arbitrary SQL commands to read, modify and delete database contents.
Solution: Update to version 20240326.13r14494 or later.
Credit: Fi Liu (CHT Security)
Public Date: 2024-10-15