PT-2024-31828 · Baltic It · Baltic-It Topqw Webportal

Majid Lakhnati

Published

2024-11-13

Updated

2024-11-15

CVE-2024-45876

CVSS v3.1

6.5

Medium

Vector

AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N

Name of the Vulnerable Software and Affected Versions baltic-it TOPqw Webportal versions 1.35.283.2 through 1.35.283.3

Description The login form of the baltic-it TOPqw Webportal at "/Apps/TOPqw/Login.aspx" is vulnerable to SQL injection. The vulnerability exists in the txtUsername parameter, which allows for manipulation of SQL queries.

Recommendations For versions 1.35.283.2 through 1.35.283.3, update to version 1.35.283.4 to resolve the issue. As a temporary workaround, consider restricting access to the /Apps/TOPqw/Login.aspx endpoint until a patch is available. Avoid using the txtUsername parameter in the affected login form until the issue is resolved.

Fix

SQL injection

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-89

Related Identifiers

CVE-2024-45876

Affected Products

Baltic-It Topqw Webportal

PT-2024-31828 · Baltic It · Baltic-It Topqw Webportal

CVE-2024-45876

Weakness Enumeration

Related Identifiers

Affected Products

References · 5