CVE-2024-41248

CVSS 3.1 Score 5.3 of 10 (medium)

Details

Published Aug 7, 2024
Updated: Aug 8, 2024
CWE ID 284

Summary

CVE-2024-41248 is a newly identified access control vulnerability affecting the Kashipara Responsive School Management System version 3.2.0. The flaw, located in the /smsa/add_subject.php and /smsa/add_subject_submit.php files, allows unauthenticated attackers to add new subject entries remotely due to incorrect access controls. This issue could potentially allow malicious actors to manipulate data within the system, leading to potential security risks and potential data breaches. It is recommended that users upgrade to the latest version of the software to mitigate this vulnerability.

Ligh bulbPrevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.

Share