Epicor · Epicor Prophet 21 · CVE-2024-42844
**Name of the Vulnerable Software and Affected Versions**
EPICOR Prophet 21 (P21) versions up to 23.2.5232
**Description**
A SQL Injection issue has been identified, allowing authenticated remote attackers to execute arbitrary SQL commands through unsanitized user input fields, potentially obtaining unauthorized information.
**Recommendations**
For EPICOR Prophet 21 (P21) versions up to 23.2.5232, update to a version later than 23.2.5232 to resolve the issue.