CVE Daily

CVE-2024-52360

IBM Concert Software 1.0.0, 1.0.1, 1.0.2, and 1.0.2.1 is vulnerable to SQL injec...

High CVSS 7.6

Overview

IBM Concert Software 1.0.0, 1.0.1, 1.0.2, and 1.0.2.1 is vulnerable to SQL injection. A remote attacker could send specially crafted SQL statements, which could allow the attacker to view, add, modify, or delete information in the back-end database.

CWE: CWE-89 Published: 2024-11-19T20:15:32.147
Risk analysis

This vulnerability is rated 🟠 HIGH.

  • CVSS: 7.6 (HIGH)
  • Detected tags: sql (tag impact: MODERATE)

Recommended actions:

  • Use parameterized queries/ORM (avoid string concatenation).
  • Add WAF rules and input validation.

Recommended tools

Tags