CVE-2024-42844

{"id": "CVE-2024-42844", "cveTags": [], "metrics": {"cvssMetricV31": [{"type": "Secondary", "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 8.1, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "LOW", "confidentialityImpact": "HIGH"}, "impactScore": 5.2, "exploitabilityScore": 2.8}]}, "published": "2025-03-06T15:15:15.800", "references": [{"url": "https://gist.github.com/getHecked/dc4ae46526d181d3deb17092815b9bec", "source": "cve@mitre.org"}], "vulnStatus": "Received", "weaknesses": [{"type": "Secondary", "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "description": [{"lang": "en", "value": "CWE-89"}]}], "descriptions": [{"lang": "en", "value": "A SQL Injection vulnerability has been identified in EPICOR Prophet 21 (P21) up to 23.2.5232. This vulnerability allows authenticated remote attackers to execute arbitrary SQL commands through unsanitized user input fields to obtain unauthorized information"}, {"lang": "es", "value": "Se ha identificado una vulnerabilidad de inyecci\u00f3n SQL en EPICOR Prophet 21 (P21) hasta la versi\u00f3n 23.2.5232. Esta vulnerabilidad permite a atacantes remotos autenticados ejecutar comandos SQL arbitrarios a trav\u00e9s de campos de entrada de usuario no depurados para obtener informaci\u00f3n no autorizada."}], "lastModified": "2025-03-06T17:15:18.793", "sourceIdentifier": "cve@mitre.org"}