cvedb.io
CVE-2024-9971
HIGH · CVSS 8.8
EPSS exploitation probability: 0%
Published 2024-10-15T04:15:05.080 · Last modified 2026-06-17T08:25:37.020

Summary

The specific query functionality in the FlowMaster BPM Plus from NewType does not properly restrict user input, allowing remote attackers with regular privileges to inject SQL commands to read, modify, or delete database contents.

Affected products

newtype — flowmaster_bpm_plus

Does this affect you?

Add your gear to cvedb and we'll alert you only when newtype ships something exploited.

Check my exposure →

References

This product uses data from the NVD API but is not endorsed or certified by the NVD. Informational only; not professional security advice.