CVE-2024-34533
HIGHZI PT Solusi Usaha Mudah Analytic Data Query <17.0.3 - SQL Injection
Title source: llmDescription
A SQL injection vulnerability in ZI PT Solusi Usaha Mudah Analytic Data Query module (aka izi_data) 11.0 through 17.x before 17.0.3 allows a remote attacker to gain privileges via a query to IZITools::query_check, IZITools::query_fetch, or IZITools::query_execute.
References (1)
Core 1
Core References
Various Sources
https://github.com/luvsn/OdZoo/tree/main/exploits/izi_data
Scores
CVSS v3
7.3
EPSS
0.0052
EPSS Percentile
40.6%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L
CISA SSVC
Vulnrichment
Exploitation
poc
Automatable
yes
Technical Impact
partial
Details
CWE
CWE-89
Status
published
Published
May 06, 2024
Tracked Since
Feb 18, 2026