CVE-2024-44903 Information

Description

SQL Injection can occur in the SirsiDynix Horizon Information Portal (IPAC20) through 3.25_9382; however a patch is available from the vendor. This is in ipac.jsp in a SELECT WHERE statement in a part of the uri= variable in the second part of the full= inner variable.

Reference

https://www.artresilia.com/cve-2024-44903-sql-injection-vulnerability-in-horizon-information-portal/ https://www.artresilia.com/cve-2024-44903-sql-injection-vulnerability-in-horizon-information-portal/