This vulnerability in enituretechnology LTL Freight Quotes – FreightQuote Edition (up to version 2.3.11) allows SQL Injection due to improper neutralization of special elements in SQL commands. The CVSS 3.1 score of 9.3 reflects a network attack vector with low attack complexity, no privileges or user interaction required, and a scope change. The impact includes high confidentiality loss and low availability impact. No patch or mitigation details are currently available from the vendor or advisory sources.

Successful exploitation could allow an unauthenticated attacker to execute arbitrary SQL commands on the backend database, potentially leading to unauthorized disclosure of sensitive data (confidentiality impact). The vulnerability does not indicate integrity impact but may cause limited availability disruption. No known exploits have been reported in the wild to date.

Patch status is not yet confirmed — check the vendor advisory for current remediation guidance. Until an official fix is released, users should consider restricting network access to the affected application and monitor for suspicious activity related to SQL injection attempts. Avoid exposing the vulnerable application to untrusted networks. Apply vendor patches promptly once available.