CVE-2024-30244

CVSS 3.1 Score 8.5 of 10 (high)

Details

Published Mar 28, 2024

CWE ID 89

Summary

CVE-2024-30244 is a new SQL injection vulnerability that has been identified in the Church Admin software, affecting versions from n/a to 4.0.27. An attacker can exploit this weakness by inserting malicious SQL commands into input fields, leading to unauthorized access to sensitive data or even system takeover. The improper neutralization of special elements in SQL commands puts numerous organizations using this software at risk. It is recommended that users upgrade to the latest version of Church Admin as soon as possible to mitigate this vulnerability.

Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.

https://app.recordedfuture.com/live/sc/entity/vEH1rE
https://www.cve.org/CVERecord?id=CVE-2024-30244
https://nvd.nist.gov/vuln/detail/CVE-2024-30244

Back to Vulnerability Database

Platform Features

Products

Use Cases

Teams

Industries

Services

Measuring the US-China AI Gap

TerraStealerV2 and TerraLogger: Golden Chickens' New Malware Families Discovered

Uncovering MintsLoader With Recorded Future Malware Intelligence Hunting

Know What Matters

For Customers

For Partners

CVE-2024-30244

CVSS 3.1 Score 8.5 of 10 (high)

Details

Summary

Advisories, Assessments, and Mitigations