CVE-2024-31355

CVSS 3.1 Score 8.5 of 10 (high)

Details

Published Apr 10, 2024
CWE ID 89

Summary

CVE-2024-31355 is a newly identified SQL Injection vulnerability that affects the Tribulant Slideshow Gallery. The flaw stems from improper neutralization of special elements used in SQL commands. This issue poses a significant risk to Slideshow Gallery versions from n/a through 1.7.8, enabling malicious actors to inject malicious SQL statements and potentially gain unauthorized access to sensitive data or even take control of the affected system. It is crucial for users to update their Slideshow Gallery installations as soon as possible to mitigate this vulnerability.

Ligh bulbPrevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.

Share