PT-2024-23618 · Unknown · Cloud Based Customer Service Management Platform
Published
2024-05-10
·
Updated
2024-08-15
·
CVE-2024-30801
CVSS v3.1
5.5
Medium
| Vector | AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N |
Name of the Vulnerable Software and Affected Versions
Cloud based customer service management platform version 1.0.0
Description
The issue allows a local attacker to execute arbitrary code via a crafted payload to the "Login.asp" component. This is related to a SQL Injection vulnerability.
Recommendations
For Cloud based customer service management platform version 1.0.0, consider disabling the Login.asp component until a patch is available to prevent exploitation. Restrict access to this component to minimize the risk of arbitrary code execution.
Fix
SQL injection
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Cloud Based Customer Service Management Platform