Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in NAC Telecommunication Systems Inc. NACPremium allows Blind SQL Injection.This issue affects NACPremium: through 01082024.
History

Tue, 17 Sep 2024 16:15:00 +0000

Type Values Removed Values Added
First Time appeared Nac
Nac nacpremium
CPEs cpe:2.3:a:nac:nacpremium:*:*:*:*:*:*:*:*
Vendors & Products Nac
Nac nacpremium
Metrics cvssV3_1

{'score': 9.8, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H'}


Tue, 03 Sep 2024 16:30:00 +0000

Type Values Removed Values Added
First Time appeared Nac Telecommunication Systems
Nac Telecommunication Systems nacpremium
CPEs cpe:2.3:a:nac_telecommunication_systems:nacpremium:*:*:*:*:*:*:*:*
Vendors & Products Nac Telecommunication Systems
Nac Telecommunication Systems nacpremium
Metrics ssvc

{'options': {'Automatable': 'yes', 'Exploitation': 'none', 'Technical Impact': 'total'}, 'version': '2.0.3'}


Mon, 02 Sep 2024 12:30:00 +0000

Type Values Removed Values Added
Description Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in NAC Telecommunication Systems Inc. NACPremium allows Blind SQL Injection.This issue affects NACPremium: through 01082024.
Title SQLi in NAC Telecommunication's NACPremium
Weaknesses CWE-89
References
Metrics cvssV4_0

{'score': 9.3, 'vector': 'CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N/AU:Y/R:U/V:C/RE:L'}


cve-icon MITRE

Status: PUBLISHED

Assigner: TR-CERT

Published: 2024-09-02T12:25:47.833Z

Updated: 2024-09-03T15:42:01.444Z

Reserved: 2024-07-19T14:25:13.339Z

Link: CVE-2024-6919

cve-icon Vulnrichment

Updated: 2024-09-03T15:41:52.508Z

cve-icon NVD

Status : Analyzed

Published: 2024-09-02T18:15:38.290

Modified: 2024-09-17T15:57:38.043

Link: CVE-2024-6919

cve-icon Redhat

No data.