CVE-2024-29432

Name of the Vulnerable Software and Affected Versions Alldata version 0.4.6

Description A SQL injection issue was discovered via the tablename parameter at the "/data/masterdata/datas" API endpoint. This allows for potential exploitation.

Recommendations For Alldata version 0.4.6, as a temporary workaround, consider restricting access to the /data/masterdata/datas API endpoint until a patch is available. Avoid using the tablename parameter in this endpoint to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.