CVE-2024-12967

CVSS 3.1 Score 7.3 of 10 (high)

Details

Published Dec 26, 2024

Updated: Dec 30, 2024

CWE ID 89

CWE ID 74

Summary

CVE-2024-12967 is a newly disclosed critical vulnerability that affects the Job Recruitment 1.0 software, specifically the function fln_update in the file /_parse/_all_edits.php. This issue allows sql injection attacks, which can be launched remotely. The manipulation of the fname/lname argument is the source of the vulnerability. The exploit for this issue has been made public, increasing the risk of widespread attacks. Organizations using this software are urged to apply the available patch as soon as possible to mitigate this threat.

Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.

Job Recruitment

Affected Vendors

Code Projects

Advisories, Assessments, and Mitigations

https://app.recordedfuture.com/live/sc/entity/17SlTv
https://www.cve.org/CVERecord?id=CVE-2024-12967
https://nvd.nist.gov/vuln/detail/CVE-2024-12967

Back to Vulnerability Database

Platform Features

Products

Use Cases

Teams

Industries

Services

Threats to the 2025 NATO Summit

Artificial Eyes: Generative AI in China’s Military Intelligence

GrayAlpha Uses Diverse Infection Vectors to Deploy PowerNet Loader and NetSupport RAT

Know What Matters

For Customers

For Partners