CVE-2024-9971 — The specific query functionality in the FlowMaster BPM Plus from NewType does not properly restrict user input, allowing remote attackers with regular privileges to inject SQL commands to read, modify — CVE Database · The Intelligence Room