SQL Injection in SirsiDynix Horizon IPAC20 <=3.25_9382 via ipac.jsp
CVE-2024-44903 Published on March 25, 2025

SQL Injection can occur in the SirsiDynix Horizon Information Portal (IPAC20) through 3.25_9382; however, a patch is available from the vendor. This is in ipac.jsp in a SELECT WHERE statement, in a part of the uri= variable in the second part of the full= inner variable.

NVD

Weakness Type

What is a SQL Injection Vulnerability?

The software constructs all or part of an SQL command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended SQL command when it is sent to a downstream component.

CVE-2024-44903 has been classified to as a SQL Injection vulnerability or weakness.

Affected Versions

SirsiDynix IPAC20:

Before and including 3.25_9382 is affected.

Exploit Probability

EPSS

0.11%

Percentile

28.60%

EPSS (Exploit Prediction Scoring System) scores estimate the probability that a vulnerability will be exploited in the wild within the next 30 days. The percentile shows you how this score compares to all other vulnerabilities.

SQL Injection in SirsiDynix Horizon IPAC20 <=3.25_9382 via ipac.jspCVE-2024-44903 Published on March 25, 2025

Weakness Type

What is a SQL Injection Vulnerability?

Affected Versions

Exploit Probability

SQL Injection in SirsiDynix Horizon IPAC20 <=3.25_9382 via ipac.jsp
CVE-2024-44903 Published on March 25, 2025