CVE-2024-55517 | THREATINT

Description

An issue was discovered in the Interllect Core Search in Polaris FT Intellect Core Banking 9.5. Input passed through the groupType parameter in /SCGController is mishandled before being used in SQL queries, allowing SQL injection in an authenticated session.

PUBLISHED Reserved 2024-12-06 | Published 2025-01-08 | Updated 2025-01-08 | Assigner mitre

References

hackmd.io/@AowPhwc/SyvEiDsIye

cve.org (CVE-2024-55517)

nvd.nist.gov (CVE-2024-55517)

Download JSON