CVE-2024-9925

Name of the Vulnerable Software and Affected Versions QPLANT SF version 1.0

Description The issue is related to a SQL injection vulnerability. Exploitation of this vulnerability could allow a remote attacker to retrieve all database information by sending a specially crafted SQL query to the email parameter on the "RequestPasswordChange" endpoint.

Recommendations For QPLANT SF version 1.0, as a temporary workaround, consider validating user input and restricting access to the "RequestPasswordChange" endpoint until a patch is available. At the moment, there is no information about a newer version that contains a fix for this vulnerability.