CVE-2024-1297

CVSS 3.1 Score 10.0 of 10 (high)

Details

Published Feb 20, 2024
CWE ID 94

Summary

CVE-2024-1297 is a serious vulnerability affecting Loomio version 2.22.0. An attacker can exploit this issue to execute arbitrary commands on the server. The root cause is a failure to adequately sanitize user input, leading to OS Command Injection. Successful exploitation could result in unauthorized system access and potential data theft or modification. Users are advised to upgrade to a patched version immediately to mitigate this risk.

Ligh bulbPrevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.

Share