CVE-2020-11597

CRITICAL

CIPPlanner CIPAce < 9.1 - Unauthenticated SQL Injection

Title source: llm
STIX 2.1

Description

An issue was discovered in CIPPlanner CIPAce 9.1 Build 2019092801. An unauthenticated attacker can make an HTTP POST request and inject SQL statements in the user context of the db owner.

References (1)

Core 1
Core References

Scores

CVSS v3 9.8
EPSS 0.0148
EPSS Percentile 71.0%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Details

CWE
CWE-89
Status published
Products (1)
cipplanner/cipace < 9.1
Published Apr 06, 2020
Tracked Since Feb 18, 2026