PT-2025-12759 · Sirsidynix · Sirsidynix Horizon Information Portal

Published

2025-03-25

Updated

2025-03-30

CVE-2024-44903

CVSS v3.1

7.5

High

Vector

AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Name of the Vulnerable Software and Affected Versions SirsiDynix Horizon Information Portal versions through 3.25 9382

Description The issue allows SQL Injection to occur. This happens in the ipac.jsp file, specifically in a SELECT WHERE statement, and involves the uri variable within the full inner variable. A patch is available from the vendor.

Recommendations For versions through 3.25 9382, apply the patch provided by the vendor to resolve the issue. As a temporary workaround, consider restricting access to the ipac.jsp file until the patch is applied.

Exploit

Fix

SQL injection

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-89

Related Identifiers

CVE-2024-44903

Affected Products

Sirsidynix Horizon Information Portal

PT-2025-12759 · Sirsidynix · Sirsidynix Horizon Information Portal

CVE-2024-44903

Weakness Enumeration

Related Identifiers

Affected Products

References · 4