CVE-2024-41248
CVSS 3.1 Score 5.3 of 10 (medium)
Details
Summary
CVE-2024-41248 is a newly identified access control vulnerability affecting the Kashipara Responsive School Management System version 3.2.0. The flaw, located in the /smsa/add_subject.php and /smsa/add_subject_submit.php files, allows unauthenticated attackers to add new subject entries remotely due to incorrect access controls. This issue could potentially allow malicious actors to manipulate data within the system, leading to potential security risks and potential data breaches. It is recommended that users upgrade to the latest version of the software to mitigate this vulnerability.
Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.