{"resultsPerPage":1,"startIndex":0,"totalResults":1,"format":"NVD_CVE","version":"2.0","timestamp":"2026-05-05T21:08:53.572","vulnerabilities":[{"cve":{"id":"CVE-2024-9982","sourceIdentifier":"twcert@cert.org.tw","published":"2024-10-15T08:15:03.603","lastModified":"2026-04-15T00:35:42.020","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"AIM LINE Marketing Platform from Esi Technology does not properly validate a specific query parameter. When the LINE Campaign Module is enabled, unauthenticated remote attackers can inject arbitrary FetchXml commands to read, modify, and delete database content."},{"lang":"es","value":"La plataforma de marketing AIM LINE de Esi Technology no valida correctamente un parámetro de consulta específico. Cuando el módulo de campaña LINE está habilitado, atacantes remotos no autenticados pueden inyectar comandos FetchXml arbitrarios para leer, modificar y eliminar contenido de la base de datos."}],"metrics":{"cvssMetricV31":[{"source":"twcert@cert.org.tw","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H","baseScore":9.8,"baseSeverity":"CRITICAL","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":3.9,"impactScore":5.9}]},"weaknesses":[{"source":"twcert@cert.org.tw","type":"Secondary","description":[{"lang":"en","value":"CWE-89"}]}],"references":[{"url":"https://www.twcert.org.tw/en/cp-139-8147-eb650-2.html","source":"twcert@cert.org.tw"},{"url":"https://www.twcert.org.tw/tw/cp-132-8146-497a2-1.html","source":"twcert@cert.org.tw"}]}}]}