CVE-2024-52335

Name of the Vulnerable Software and Affected Versions: syngo.plaza VB30E versions prior to VB30E HF05

Description: The issue is related to the lack of protection of the SQL query structure, allowing an attacker to execute arbitrary SQL code and compromise the database. The affected application does not properly sanitize input data before sending it to the SQL server. This could allow an attacker with access to the application to use this vulnerability to execute malicious SQL commands and compromise the whole database.

Recommendations: For syngo.plaza VB30E versions prior to VB30E HF05, update to VB30E HF05 or later to resolve the issue. As a temporary workaround, consider restricting access to the SQL server to minimize the risk of exploitation. Avoid using unsanitized input data in SQL queries until the issue is resolved.