Security Advisory

CVE-2024-26264

CVE vulnerability detail — eXtreme Datacenter Security Operations

Published 2024-02-15 03:02:37

Last updated 2024-08-06 15:34:02

Assigner twcert

State PUBLISHED

Description

EBM Technologies RISWEBs specific query function parameter does not properly restrict user input, and this feature page is accessible without login. This allows remote attackers to inject SQL commands without authentication, enabling them to read, modify, and delete database records.

← Browse all CVEs View on cve.org ↗