CVE-2024-25308

CVSS 3.1 Score 8.8 of 10 (high)

Details

Published Feb 9, 2024
Updated: Feb 12, 2024
CWE ID 89

Summary

CVE-2024-25308 is a newly disclosed SQL injection vulnerability affecting the Simple School Management System version 1.0. An attacker can exploit this flaw by injecting malicious SQL code through the 'name' parameter in School/teacher_login.php, potentially gaining unauthorized access to sensitive data or making unintended modifications to the database. This vulnerability poses a significant risk to organizations using this software and requires immediate patching or mitigation efforts.

Ligh bulbPrevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.

Share