PT-2024-25953 · Unknown · Zi Pt Solusi Usaha Mudah Analytic Data Query Module
Published: 2024-05-06 · Updated: 2024-07-03
CVE-2024-34533
CVSS v3.1: 7.3 (High)
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L
Name of the Vulnerable Software and Affected Versions
ZI PT Solusi Usaha Mudah Analytic Data Query module (aka izi_data) versions 11.0 through 17.x before 17.0.3
Description
A SQL injection vulnerability in the Analytic Data Query module allows a remote attacker to gain privileges via a query to IZITools::query_check, IZITools::query_fetch, or IZITools::query_execute. This issue enables an attacker to potentially execute malicious SQL code, compromising the security of the system.
Recommendations
For versions 11.0 through 17.x before 17.0.3, update to version 17.0.3 or later to resolve the issue.
As a temporary workaround, consider restricting access to the IZITools::query_check, IZITools::query_fetch, and IZITools::query_execute functions until a patch is available.
Exploit
Fix
SQL injection
Weakness Enumeration
Related Identifiers
Affected Products
Zi Pt Solusi Usaha Mudah Analytic Data Query Module