CVE-2024-3002

CVSS 3.1 Score 6.3 of 10 (medium)

Details

Published Mar 27, 2024
Updated: Mar 28, 2024
CWE ID 89

Summary

A critical vulnerability, identified as CVE-2024-3002 and classified as CWE-89 (Improper Neutralization of Special Elements used in an SQL Command), has been discovered in the code-projects Online Book System 1.0. The vulnerability exists in an unknown function of the file /description.php and allows for SQL injection through manipulation of the argument ID. This vulnerability can be exploited remotely, posing a potential risk to organizations that use the affected software. The exploit has been disclosed to the public and may be utilized by attackers. It is recommended that organizations remediate this vulnerability by applying appropriate patches or updates provided by the software vendor.

Explore Beyond the CVE Basics with Recorded Future's Vulnerability Intelligence

Note: This is just a basic overview providing quick insights into CVE-2024-3002 information. Gain full access to comprehensive CVE data, risk scores, prioritization, and mitigation data through Recorded Future's Vulnerability Intelligence:
  • Prioritize with Risk-Based Scoring
  • Explore the Extensive Vulnerability Database
  • Receive Early Alerts on Emerging CVEs
  • Focus on Critical Exploitable Vulnerabilities
  • Streamline Remediation with Integration Options