PT-2023-13359 · Sage · Sage Xrt Business Exchange
Published: 2023-01-01 · Updated: 2025-04-11
CVE-2022-34324
CVSS v3.1: 8.8 (High)
Vector: AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions
Sage XRT Business Exchange version 12.4.302
Description
The issue allows an authenticated attacker to inject malicious data into SQL queries, specifically in the following areas: Add Currencies, Payment Order, and Transfer History.
Recommendations
For Sage XRT Business Exchange version 12.4.302, consider restricting access to the SQL queries in the affected areas until a patch is available. As a temporary workaround, avoid using the vulnerable queries in Add Currencies, Payment Order, and Transfer History. At the moment, there is no information about a newer version that contains a fix for this vulnerability.
Exploit
SQL injection
Affected Products
Sage Xrt Business Exchange