CVE-2024-38889
CriticalCVSS 9.8Exploitation Probability (EPSS)
Elevated risk55th percentile - higher than 55% of all known CVEs
Summary
SQL Injection vulnerability in Horizon Business Services Inc. Caterease versions 16.0.1.1663 through 24.0.1.2405 and possibly later. A remote attacker can inject malicious SQL commands due to improper neutralization of special elements used in SQL commands.
Risk Assessment
The risk for the organization includes unauthorized database access, sensitive data leakage, data modification or deletion, and potential system takeover.
Recommendation
Immediately update Caterease to the latest available version and implement input validation and parameterized SQL queries to prevent SQL Injection attacks.
Original NVD description (English source)
An issue in Horizon Business Services Inc. Caterease 16.0.1.1663 through 24.0.1.2405 and possibly later versions, allows a remote attacker to perform SQL Injection due to improper neutralization of special elements used in an SQL command.

