CVE-2024-45265

CVSS 3.1 Score 9.8 of 10 (high)

Details

Published Aug 26, 2024
Updated: Aug 27, 2024
CWE ID 79

Summary

CVE-2024-45265 is a critical SQL injection vulnerability in the poll component of SkySystem Arfa-CMS versions prior to 5.1.3124 that allows remote attackers to execute arbitrary SQL commands via the psid parameter. It has a base CVSS score of 9.8, indicating high potential impact on confidentiality, integrity, and availability, and requires no privileges or user interaction to exploit. The attack vector is network-based with low attack complexity, making it accessible to attackers with minimal expertise. If exploited, the flaw could lead to significant data breaches and unauthorized access to sensitive information in an organization's database. To remediate this issue, organizations should update their Arfa-CMS installations to version 5.1.3124 or later.
