CVE-2024-29732

CRITICAL

SCAN_VISIO eDocument Suite Web Viewer - SQL Injection

Title source: llm
STIX 2.1

Description

A SQL Injection has been found on SCAN_VISIO eDocument Suite Web Viewer of Abast. This vulnerability allows an unauthenticated user to retrieve, update and delete all the information of database. This vulnerability was found on login page via "user" parameter.

Scores

CVSS v3 9.8
EPSS 0.0055
EPSS Percentile 41.9%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

CISA SSVC

Vulnrichment
Exploitation none
Automatable no
Technical Impact total

Details

CWE
CWE-89
Status published
Products (1)
Abast/SCAN_VISIO eDocument Suite Web Viewer 3.28.1
Published Mar 21, 2024
Tracked Since Feb 18, 2026