CVE-2024-48072
CVSS 3.1 Score 9.8 of 10 (high)
Details
Summary
CVE-2024-48072 represents a SQL injection vulnerability found in Weaver Ecology version 9 and above. An attacker can exploit this flaw through the /mobilemode/Action.jsp endpoint, specifically the MECAction and getFieldTriggerValue action. The vulnerability is due to insufficient input validation for searchField and fieldValue parameters, allowing an attacker to inject malicious SQL statements in the whereClause parameter. This can potentially lead to unauthorized access, data theft, or server hijacking. It is essential for organizations using Weaver Ecology to apply the necessary patches or upgrades to mitigate this risk.
Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.
Affected Products
- ecology