No analysis available yet.
No remediation available yet.
Tracking
Sign in to view the affected projects.
| Source | ID | Title |
|---|---|---|
EUVD |
EUVD-2024-52790 | An issue was discovered in the Interllect Core Search in Polaris FT Intellect Core Banking 9.5. Input passed through the groupType parameter in /SCGController is mishandled before being used in SQL queries, allowing SQL injection in an authenticated session. |
| Link | Providers |
|---|---|
| https://hackmd.io/@AowPhwc/SyvEiDsIye |
|
Wed, 08 Jan 2025 20:15:00 +0000
| Type | Values Removed | Values Added |
|---|---|---|
| Weaknesses | CWE-89 | |
| Metrics |
cvssV3_1
|
Wed, 08 Jan 2025 16:00:00 +0000
| Type | Values Removed | Values Added |
|---|---|---|
| Description | An issue was discovered in the Interllect Core Search in Polaris FT Intellect Core Banking 9.5. Input passed through the groupType parameter in /SCGController is mishandled before being used in SQL queries, allowing SQL injection in an authenticated session. | |
| References |
|
Subscriptions
No data.
Status: PUBLISHED
Assigner: mitre
Published:
Updated: 2025-01-08T19:44:06.557Z
Reserved: 2024-12-06T00:00:00.000Z
Link: CVE-2024-55517
Updated: 2025-01-08T19:44:01.861Z
Status : Deferred
Published: 2025-01-08T16:15:36.080
Modified: 2026-06-17T08:11:11.680
Link: CVE-2024-55517
No data.
OpenCVE Enrichment
No data.
-
CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
EUVD