CVE-2024-9921

EUVD-2024-50211
The Team+ from TEAMPLUS TECHNOLOGY does not properly validate specific page parameter, allowing unauthenticated remote attackers to inject arbitrary SQL commands to read, modify and delete database contents.
SQL Injection
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
9.8 CRITICAL
NETWORK
LOW
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Base Score
CVSS 3.x
EPSS Score
Percentile: 77%
Early Detection
Affected products identified ahead of NVD analysis through intelligence sources.
VendorProductVersionSource
teamplusteam\+
13.5 ≤
𝑥
< 14.0.0
ADP
Common Weakness Enumeration
References
https://www.twcert.org.tw/en/cp-139-8125-4a1ad-2.html
https://www.twcert.org.tw/tw/cp-132-8124-d9b92-1.html