【Vulnerability Alert】 Major Security Vulnerability in ChanGate Enterprise Property Management Information System (CVE-2024-9972)

publish date : 2024-10-22 update date : 2024-10-22

Source: Ministry of education information & communication security contingency platform


Publication Number	TACERT-ANA-2024101810100505	Publication Time	2024/10/18 10:32
Incident Type	ANA-Vulnerability Alert	Discovery Time	2024/10/16 10:32
Impact Level	Medium
[Subject] 【Vulnerability Alert】 Major Security Vulnerability in ChanGate Enterprise Property Management Information System (CVE-2024-9972)
[Content] Forwarded from TWCERTCC-200-202410-00000006 On October 15, 2024, TWCERT/CC published TVN-202410009, CVE-2024-9972 (CVSS: 9.8 Critical), regarding a SQL injection vulnerability in the ChanGate Enterprise Property Management Information System. This vulnerability allows unauthenticated remote attackers to inject arbitrary SQL commands, enabling them to read, modify, and delete database content. Information Sharing Level: WHITE (Information content can be publicly disclosed)
[Affected Platform] Property Management Information System
[Recommended Actions] Contact the vendor for a patch.
[Reference] ChanGate Enterprise Property Management Information System - SQL Injection: https://www.twcert.org.tw/tw/cp-132-8140-ee91e-1.html

(This notification is for informational purposes only and does not constitute a cybersecurity incident).
If you have questions or suggestions regarding this notification, please feel free to contact us.
Ministry of education information & communication security contingency platform
Website: https://info.cert.tanet.edu.tw/
Phone: +886-7-5250211
Internet Phone: 98400000
E-Mail: service@cert.tanet.edu.tw

Organizer: Computer Center

Click Num:

Share