Last active
March 7, 2025 08:31
-
-
Save getHecked/dc4ae46526d181d3deb17092815b9bec to your computer and use it in GitHub Desktop.
CVE-2024-42844 public reference
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| CVE ID: CVE-2024-42844 | |
| Affected product & version: Epicor P21 - 23.2.5232 | |
| Description: | |
| A SQL Injection vulnerability has been identified in EPICOR Prophet 21 (P21) up to 23.2.5232. This vulnerability allows authenticated remote attackers to execute arbitrary SQL commands through unsanitized user input fields to obtain unauthorized information | |
| Remediation Recommendation: | |
| Upgrade software to 24.1.5358 | |
| Notes from Vendor: | |
| Epicor customers can see EpicCare article KB0138127 for further information | |
| Vulnerability reported: 4th April 2024 | |
| Fix confirmed on version 24.1.5358 | |
| Publication as agreed with vendor: 4th March 2025 | |
| Reporter: | |
| Arjun Nair - https://www.linkedin.com/in/arjun-nair-609656153/ |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment