Qplant Sf · Qplant Sf · CVE-2024-9925
**Name of the Vulnerable Software and Affected Versions**
QPLANT SF version 1.0
**Description**
The issue is related to a SQL injection vulnerability. Exploitation of this vulnerability could allow a remote attacker to retrieve all database information by sending a specially crafted SQL query to the `email` parameter on the "RequestPasswordChange" endpoint.
**Recommendations**
For QPLANT SF version 1.0, as a temporary workaround, consider validating user input and restricting access to the "RequestPasswordChange" endpoint until a patch is available.
At the moment, there is no information about a newer version that contains a fix for this vulnerability.