CVE-2024-4423

Summary

The access control in CemiPark software does not properly validate user-entered data, which allows the authentication bypass. An attacker who has network access to the login panel can log in with administrator rights to the application.This issue affects CemiPark software: 4.5, 4.7, 5.03 and potentially others. The vendor refused to provide the specific range of affected products.

Affected Software

VendorProductVersion RangeStatus
CEMI Tomasz PawełekCemiPark4.5affected
CEMI Tomasz PawełekCemiPark4.7affected
CEMI Tomasz PawełekCemiPark5.03affected

Weaknesses

  • CWE-89: CWE-89 Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: total

CVE Program Container

Additional References

References