PT-2024-18111 · Unknown · Ec-Web Fs-Ezviewer

Published: 2024-02-14 · Updated: 2024-02-15 · CVE-2024-1523

CVSS v3.1: 8.8 (High)

Vector: AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions: EC-WEB FS-EZViewer(Web) (affected versions not specified)

Description: The query functionality in EC-WEB FS-EZViewer(Web) lacks proper restrictions on user input, allowing remote attackers authenticated as regular users to inject SQL commands. This enables them to read, modify, and delete database records, as well as execute system commands. Attackers may leverage the dbo privilege in the database for privilege escalation, elevating their privileges to administrator.

Recommendations: At the moment, there is no information about a newer version that contains a fix for this vulnerability.

SQL injection

Weakness Enumeration

Related Identifiers: CVE-2024-1523

Affected Products: Ec-Web Fs-Ezviewer