CVE-2024-9982

Name of the Vulnerable Software and Affected Versions AIM LINE Marketing Platform from Esi Technology (affected versions not specified)

Description The AIM LINE Marketing Platform from Esi Technology does not properly validate a specific query parameter. When the LINE Campaign Module is enabled, unauthenticated remote attackers can inject arbitrary FetchXml commands to read, modify, and delete database content.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability. As a temporary workaround, consider disabling the LINE Campaign Module until a patch is available. Restrict access to the vulnerable query parameter to minimize the risk of exploitation. Avoid using the vulnerable query parameter in the affected API endpoint until the issue is resolved.