CVE-2024-12939
CVSS 3.1 Score 6.3 of 10 (medium)
Details
Published Dec 26, 2024
CWE ID 89
CWE ID 74
Summary
CVE-2024-12939 is a critical vulnerability affecting the code-projects Job Recruitment 1.0 software. The issue lies within the 'add_edu' function of the '/_parse/_all_edits.php' file, which is susceptible to SQL injection. Manipulation of the 'degree' argument can be exploited remotely, potentially leading to unauthorized data access or modification. The exploit for this vulnerability has been made public, increasing the risk for potential attacks. Further investigation suggests that other parameters within the function may also be vulnerable.
Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.
Share