CVE-2024-45622

CVSS 3.1 Score 9.8 of 10 (high)

Details

Published Sep 2, 2024
Updated: Sep 3, 2024
CWE ID 89

Summary

CVE-2024-45622 identifies a critical SQL injection vulnerability affecting ASIS (Aplikasi Sistem Sekolah) versions 3.0.0 to 3.2.0, which allows for authentication bypass via the index.php username parameter. This flaw potentially impacts confidentiality, integrity, and availability due to its high exploitability score of 9.8 and requires no user interaction or privileges for exploitation, making it accessible over the network. Organizations using affected products such as 'yRx0W1', 'yRxy5Y', and 'yRx0W0' are at significant risk of unauthorized access and data compromise. Remediation efforts should focus on updating to a secure version that addresses this vulnerability to mitigate potential attacks. For detailed guidance on addressing this issue, organizations can refer to the provided link in the references section.

Ligh bulbPrevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.

Share