CVE-2024-1297
CVSS 3.1 Score 10.0 of 10 (high)
Details
Published Feb 20, 2024
CWE ID 94
Summary
CVE-2024-1297 is a serious vulnerability affecting Loomio version 2.22.0. An attacker can exploit this issue to execute arbitrary commands on the server. The root cause is a failure to adequately sanitize user input, leading to OS Command Injection. Successful exploitation could result in unauthorized system access and potential data theft or modification. Users are advised to upgrade to a patched version immediately to mitigate this risk.
Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.
Share