Vulnerability Details | |
Severity | High |
CVE ID | CVE-2024-38871 |
Affected software versions | Build 5717 and below |
Fixed version | Build 5718 |
Fixed on | 15 July 2024 |
Exchange Reporter Plus was reported to have an authenticated SQL injection vulnerability in the Reports tab. This has been fixed in build 5718, and its release notes can be found here.
This vulnerability can allow an authenticated adversary to execute custom queries and access entries in the database table using the vulnerable request.
Given the severity of this vulnerability, customers are strongly advised to update Exchange Reporter Plus to the latest build immediately by following the steps mentioned below,
If you have any questions or need assistance updating the product to the latest version, please contact our product support at support@exchangereporterplus.com.
This vulnerability was discovered by minhgalaxy.