PT-2024-38539 · Secom · Dr.Id Access Control System
Linwz · Published 2024-08-14 · Updated 2024-08-22
CVE-2024-7731
CVSS v3.1: 9.8 (Critical)
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions
Dr.ID Access Control System from SECOM versions up to 3.6.2
Description
The issue allows unauthenticated remote attackers to inject SQL commands, enabling them to read, modify, and delete database contents due to improper validation of a specific page parameter.
Recommendations
For Dr.ID Access Control System from SECOM versions up to 3.6.2, upgrade the affected systems immediately to mitigate risks.
Fix
SQL injection
Affected Products
Dr.Id Access Control System