CVE-2024-48072

Name of the Vulnerable Software and Affected Versions Weaver Ecology versions 9.*

Description A SQL injection issue was discovered in the component /mobilemode/Action.jsp with specific parameters such as invoker, action, searchField, fromTable, whereClause, triggerCondition, expression, and fieldValue. This issue could potentially be exploited through the searchField parameter with a value of * and a whereClause of 1=1.

Recommendations For Weaver Ecology versions 9.*, as a temporary workaround, consider restricting access to the /mobilemode/Action.jsp component until a patch is available. Avoid using the searchField parameter with a wildcard value in the affected API endpoint until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.