CVE-2024-38882
CriticalCVSS 9.8Exploitation Probability (EPSS)
Elevated risk57th percentile - higher than 57% of all known CVEs
Summary
A vulnerability in Horizon Business Services Inc. Caterease versions 16.0.1.1663 through 24.0.1.2405 (and possibly later) allows a remote attacker to execute operating system commands via SQL injection. The issue stems from improper neutralization of special elements used in OS commands.
Risk Assessment
An attacker can remotely execute arbitrary commands on the server, leading to full system compromise, data theft, or service disruption.
Recommendation
Immediately update Caterease to the latest available version containing the security fix. If an update is not possible, restrict application access to trusted networks and implement additional SQL query filtering mechanisms.
Original NVD description (English source)
An issue in Horizon Business Services Inc. Caterease 16.0.1.1663 through 24.0.1.2405 and possibly later versions, allows a remote attacker to perform command line execution through SQL Injection due to improper neutralization of special elements used in an OS command.

