go to Content
:::

TWCERT/CC Taiwan Computer Emergency Response Team/Coordination Center

:::
Date:
Font-stze:

ESi Technology AIM LINE Marketing Platform - SQL Injection

TVN ID TVN-202410012
CVE ID CVE-2024-9982
CVSS 9.8 (Critical)
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Affected Products AIM LINE Marketing Platform version from 3.3 to 5.8.4.
Description AIM LINE Marketing Platform from Esi Technology does not properly validate a specific query parameter. When the LINE Campaign Module is enabled, unauthenticated remote attackers can inject arbitrary FetchXml commands to read, modify, and delete database content.
Solution Contact the vendor to install the patch or update to version 6.0 or later.
Credit Xin-Yue Song (CHT Security)
Public Date 2024-10-15
Top