CVE-2024-0857
9.8 CRITICAL
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Universal Software Inc
Published: 2024-07-18 · Last updated: 2026-06-03
Severity and scoring
- CVSS: 9.8 CRITICAL
- Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
- CWE: CWE-89
Affected products
| Vendor | Product |
|---|---|
| uni-yaz | flexwater_corporate_water_management |
Description
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Universal Software Inc. FlexWater Corporate Water Management allows SQL Injection. This issue affects FlexWater Corporate Water Management: before 5.452.0.
Source: NVD
Related CVEs
Same vendor
- CVE-2026-1619 — Authorization Bypass Through User-Controlled Key vulnerability in Universal Software Inc (8.3 HIGH)
- CVE-2026-1618 — Authentication Bypass Using an Alternate Path or Channel vulnerability in Universal Software Inc (8.8 HIGH)
- CVE-2025-14349 — Privilege Defined With Unsafe Actions, Missing Authentication for Critical Function vulnerability in Universal Software Inc (8.8 HIGH)
Same CWE
- CVE-2026-53474 — A flaw was found in migration-planner (9.6 CRITICAL)
- CVE-2026-52758 — Ghidra before 12.1 contains a SQL injection vulnerability in BSim filter types that concatenate user-supplied values directly into SQL qu... (8.8 HIGH)
- CVE-2026-49498 — Ghidra 11.0 before 12.1 contains a SQL injection vulnerability in the changePassword() method of PostgresFunctionDatabase that fails to e... (8.8 HIGH)
- CVE-2026-3018 — The Newsletters plugin for WordPress is vulnerable to time-based SQL Injection via the ‘wpmlsubscriber_id’ parameter in all versions up t... (7.5 HIGH)
- CVE-2026-3326 — The Xstore WordPress theme before 9.7.3 does not properly sanitise and escape a parameter before using it in a SQL statement via an AJAX ... (8.6 HIGH)