CVE-2024-45876

EUVD-2024-41697
The login form of baltic-it TOPqw Webportal v1.35.283.2 (fixed in version 1.35.283.4) at /Apps/TOPqw/Login.aspx is vulnerable to SQL injection. The vulnerability exists in the POST parameter txtUsername, which allows for manipulation of SQL queries.
SQL Injection
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
6.5 MEDIUM
NETWORK
LOW
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N
Base Score
CVSS 3.x
EPSS Score
Percentile: 31%
Early Detection
Affected products identified ahead of NVD analysis through intelligence sources.
VendorProductVersionSource
balticittopwq
v1.35.283.2 ≤
𝑥
< v1.35.283.4
ADP
Common Weakness Enumeration
References
https://cyber.wtf/2024/11/11/topqw-webportal-cves/