CVE-2024-38882

Name of the Vulnerable Software and Affected Versions Horizon Business Services Inc. Caterease versions 16.0.1.1663 through 24.0.1.2405

Description The issue allows a remote attacker to perform command line execution through SQL Injection due to improper neutralization of special elements used in an OS command.

Recommendations For versions 16.0.1.1663 through 24.0.1.2405, consider restricting access to SQL commands to minimize the risk of exploitation until a patch is available. At the moment, there is no information about a newer version that contains a fix for this vulnerability.