Vulnerabilities > CVE-2024-7202 - Unspecified vulnerability in Simopro Technology Winmatrix3

CVSS 9.8 - CRITICAL

Attack vector

NETWORK

Attack complexity

LOW

Privileges required

NONE

Confidentiality impact

HIGH

Integrity impact

HIGH

Availability impact

HIGH

network

low complexity

simopro-technology

critical

NVD

Published: 2024-07-29

Updated: 2024-11-21

Summary

The query functionality of WinMatrix3 Web package from Simopro Technology lacks proper validation of user input, allowing unauthenticated remote attackers to inject SQL commands to read, modify, and delete database contents.

Vulnerable Configurations

Part	Description	Count
Application	Simopro_Technology Simopro Technology Winmatrix3 *	1

References

https://www.twcert.org.tw/en/cp-139-7963-44648-2.html
https://www.twcert.org.tw/en/cp-139-7963-44648-2.html
https://www.twcert.org.tw/tw/cp-132-7962-dd216-1.html
https://www.twcert.org.tw/tw/cp-132-7962-dd216-1.html