CVE-2024-11663
CVSS 3.1 Score 9.8 of 10 (high)
Details
Summary
CVE-2024-11663 is a newly disclosed critical vulnerability that affects the Codezips E-Commerce Site 1.0. The issue lies within an unidentified functionality of the file search.php, which can be exploited through sql injection. By manipulating the argument keywords, an attacker can inject malicious SQL commands, allowing them to access sensitive data or make unauthorized modifications. The vulnerability can be exploited remotely, increasing the risk to organizations using this software. The exploit for this vulnerability has been publicly disclosed, increasing the urgency for affected organizations to apply the necessary patches.
Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.