CVE-2024-11649
CVSS 3.1 Score 9.8 of 10 (high)
Details
Published Nov 25, 2024
CWE ID 74
CWE ID 89
Summary
CVE-2024-11649 is a newly disclosed critical vulnerability affecting the 1000 Projects Beauty Parlour Management System 1.0. The issue lies in the manipulation of the 'searchdata' argument in the /admin/search-appointment.php file, leading to SQL injection. This vulnerability allows remote attackers to exploit the system, making it a serious threat. Public disclosure of the exploit heightens the risk, as malicious actors may already be targeting affected systems.
Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.
Share