CVE-2024-7071

Name of the Vulnerable Software and Affected Versions Brain Low-Code versions prior to 2.1.0

Description The issue is related to an SQL Injection vulnerability due to improper neutralization of special elements used in an SQL command. This vulnerability affects the Hibernate component in Brain Low-Code. The estimated number of potentially affected devices is not specified. There is no information provided about real-world incidents where this issue was exploited. Technical details about exploitation include the improper handling of SQL commands, which can lead to SQL Injection attacks. No specific API endpoints, vulnerable parameters, or function names are mentioned.

Recommendations For Brain Low-Code versions prior to 2.1.0, update to version 2.1.0 or later to fix the SQL Injection vulnerability. As a temporary workaround, consider restricting access to sensitive data and implementing additional security measures to minimize the risk of exploitation.