{ "dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": { "cveId": "CVE-2024-7837", "assignerOrgId": "ca940d4e-fea4-4aa2-9a58-591a58b1ce21", "state": "PUBLISHED", "assignerShortName": "TR-CERT", "dateReserved": "2024-08-15T14:26:10.913Z", "datePublished": "2024-11-22T08:12:52.767Z", "dateUpdated": "2026-06-02T08:31:36.373Z" }, "containers": { "cna": { "providerMetadata": { "orgId": "ca940d4e-fea4-4aa2-9a58-591a58b1ce21", "shortName": "TR-CERT", "dateUpdated": "2026-06-02T08:31:36.373Z" }, "title": "SQLi in Firmanet Software's ERP", "problemTypes": [ { "descriptions": [ { "lang": "en", "cweId": "CWE-89", "description": "CWE-89 Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')", "type": "CWE" } ] } ], "impacts": [ { "capecId": "CAPEC-66", "descriptions": [ { "lang": "en", "value": "CAPEC-66 SQL Injection" } ] } ], "affected": [ { "vendor": "Firmanet Software", "product": "ERP", "versions": [ { "status": "affected", "version": "0", "lessThanOrEqual": "22.11.2024", "versionType": "custom" } ], "defaultStatus": "affected" } ], "descriptions": [ { "lang": "en", "value": "Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Firmanet Software ERP allows SQL Injection.\n\nThis issue affects ERP: through 22.11.2024.\n\n\n\n\nNOTE: The vendor was contacted early about this disclosure but did not respond in any way.", "supportingMedia": [ { "type": "text/html", "base64": false, "value": "Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Firmanet Software ERP allows SQL Injection.
This issue affects ERP: through 22.11.2024.
\nNOTE: The vendor was contacted early about this disclosure but did not respond in any way.\n\n