CVE-2024-6919

Name of the Vulnerable Software and Affected Versions NACPremium versions through 01082024

Description The issue is related to an Improper Neutralization of Special Elements used in an SQL Command, also known as a SQL Injection vulnerability. This allows for Blind SQL Injection, which can potentially compromise data. The estimated number of affected devices is not specified. There is no information about real-world incidents where this issue was exploited.

Technical details about exploitation include the use of SQL commands, but specific API endpoints, vulnerable parameters, or function names are not mentioned.

Recommendations For NACPremium versions through 01082024, update to a supported version immediately to reduce exposure and prevent data compromise. As a temporary workaround, consider restricting access to sensitive data until a patch is available. Prioritize upgrading to prevent potential cyber attacks. At the moment, there is no information about a specific newer version that contains a fix for this vulnerability, but upgrading to a supported version is recommended.