CVE-2024-25220

CVSS 3.1 Score 9.8 of 10 (high)

Details

Published: Feb 14, 2024
Updated: Feb 16, 2024
CWE ID: 89

Summary

CVE-2024-25220: A SQL injection vulnerability was identified in the Task Manager App v1.0. This issue affects the /TaskManager/EditTask.php endpoint, specifically the taskID parameter. An attacker could exploit this flaw to inject malicious SQL commands and gain unauthorized access to sensitive information or even execute arbitrary code. This vulnerability poses a significant risk and requires immediate remediation.
