CVE-2024-55517 Information

Description

An issue was discovered in the Interllect Core Search in Polaris FT Intellect Core Banking 9.5. Input passed through the groupType parameter in /SCGController is mishandled before being used in SQL queries allowing SQL injection in an authenticated session.

Reference

https://hackmd.io/@AowPhwc/SyvEiDsIye