CVE-2024-10700

CVSS 3.1 Score 9.8 of 10 (high)

Details

Published Nov 2, 2024
Updated: Nov 5, 2024
CWE ID 707
CWE ID 74
CWE ID 89

Summary

CVE-2024-10700 is a newly disclosed critical vulnerability affecting the University Event Management System 1.0. The issue resides in the code of the file "submit.php," and it allows for sql injection attacks. Attackers can manipulate multiple parameters, including name, email, title, Year, gender, fromdate, and todate, to execute malicious SQL statements. This vulnerability can be exploited remotely, and the exploit has already been made public. While the initial advisory only mentions the "name" parameter, it's important to note that other parameters may also be susceptible to this issue.

Ligh bulbPrevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.

Share