CVE-2024-3704

CVSS 3.1 Score 9.8 of 10 (high)

Details

Published Apr 12, 2024
Updated: Jul 5, 2024
CWE ID 89

Summary

CVE-2024-3704 is a newly identified SQL Injection vulnerability that affects OpenGnsys product version 1.1.1d (Espeto). Hackers can exploit this weakness by inserting malicious SQL code into the login page. The consequence of this attack can lead to bypassing the login page or even granting unauthorized access to all data stored in the database. This vulnerability poses a significant risk and requires immediate remediation to prevent potential data breaches.

Ligh bulbPrevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.

Share