CVE-2024-22922

CVSS 3.1 Score 9.8 of 10 (high)

Details

Published Jan 25, 2024
Updated: Jan 29, 2024
CWE ID 269

Summary

CVE-2024-22922 is a newly identified vulnerability affecting the Projectworlds Visitor Management System in PHP version 1.0. A malicious actor can exploit this issue by crafting a script to escalate privileges and gain unauthorized access to the login page via the POST/index.php endpoint, potentially leading to severe security consequences. This vulnerability poses a risk to systems using the affected version of the software and requires immediate attention for patching or mitigation efforts.

Ligh bulbPrevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.

Share