A vulnerability has been found in TimGeyssens UIOMatic 5 and classified as critical. This vulnerability affects unknown code of the file /src/UIOMatic/wwwroot/backoffice/resources/uioMaticObject.r. The manipulation leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used.
References
| Link | Resource |
|---|---|
| https://vuldb.com/?id.283972 | Third Party Advisory VDB Entry |
| https://vuldb.com/?ctiid.283972 | Permissions Required VDB Entry |
| https://github.com/TimGeyssens/UIOMatic/pull/227 | Issue Tracking |
| https://github.com/TimGeyssens/UIOMatic/pull/227#issuecomment-2346074453 | Issue Tracking |
| https://github.com/TimGeyssens/UIOMatic/pull/227#issuecomment-2317993695 | Issue Tracking |
Configurations
History
15 Nov 2024, 22:47
| Type | Values Removed | Values Added |
|---|---|---|
| References | () https://github.com/TimGeyssens/UIOMatic/pull/227#issuecomment-2346074453 - Issue Tracking | |
| References | () https://github.com/TimGeyssens/UIOMatic/pull/227#issuecomment-2317993695 - Issue Tracking | |
| References | () https://github.com/TimGeyssens/UIOMatic/pull/227 - Issue Tracking | |
| References | () https://vuldb.com/?ctiid.283972 - Permissions Required, VDB Entry | |
| References | () https://vuldb.com/?id.283972 - Third Party Advisory, VDB Entry | |
| First Time |
Timgeyssens ui-o-matic
Timgeyssens |
|
| CWE | ||
| CPE | cpe:2.3:a:timgeyssens:ui-o-matic:-:*:*:*:*:*:*:* | |
| CVSS |
v2 : v3 : |
v2 : unknown
v3 : 7.2 |
12 Nov 2024, 14:15
| Type | Values Removed | Values Added |
|---|---|---|
| New CVE |
Information
Published : 2024-11-12 14:15
Updated : 2024-11-15 22:47
NVD link : CVE-2024-11124
Mitre link : CVE-2024-11124
JSON object : View
Products Affected
timgeyssens
- ui-o-matic
CWE
CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')