CVE-2024-6795

Name of the Vulnerable Software and Affected Versions Connex health portal versions prior to 8/30/2024

Description The issue concerns SQL injection vulnerabilities that could allow an unauthenticated attacker to gain unauthorized access to the Connex portal's database. An attacker could submit a crafted payload to the portal, resulting in modification and disclosure of database content, and/or perform administrative operations, including shutting down the database.

Recommendations For versions prior to 8/30/2024, update to a version released after 8/30/2024 to resolve the issue. As a temporary workaround, consider restricting access to the database and implementing additional security measures to minimize the risk of exploitation.