CVE Catalog

CVE-2024-38889

CriticalCVSS 9.8
Published: Updated: Translated: NVD NIST

Exploitation Probability (EPSS)

Elevated risk
0.89%

55th percentile - higher than 55% of all known CVEs

Summary

SQL Injection vulnerability in Horizon Business Services Inc. Caterease versions 16.0.1.1663 through 24.0.1.2405 and possibly later. A remote attacker can inject malicious SQL commands due to improper neutralization of special elements used in SQL commands.

Risk Assessment

The risk for the organization includes unauthorized database access, sensitive data leakage, data modification or deletion, and potential system takeover.

Recommendation

Immediately update Caterease to the latest available version and implement input validation and parameterized SQL queries to prevent SQL Injection attacks.

Original NVD description (English source)

An issue in Horizon Business Services Inc. Caterease 16.0.1.1663 through 24.0.1.2405 and possibly later versions, allows a remote attacker to perform SQL Injection due to improper neutralization of special elements used in an SQL command.

Vulnerability data from NVD (NIST) · CISA KEV · EPSS