CVE-2024-48072

CVSS 3.1 Score 9.8 of 10 (high)

Details

Published Nov 19, 2024
Updated: Nov 21, 2024
CWE ID 89

Summary

CVE-2024-48072 represents a SQL injection vulnerability found in Weaver Ecology version 9 and above. An attacker can exploit this flaw through the /mobilemode/Action.jsp endpoint, specifically the MECAction and getFieldTriggerValue action. The vulnerability is due to insufficient input validation for searchField and fieldValue parameters, allowing an attacker to inject malicious SQL statements in the whereClause parameter. This can potentially lead to unauthorized access, data theft, or server hijacking. It is essential for organizations using Weaver Ecology to apply the necessary patches or upgrades to mitigate this risk.

Ligh bulbPrevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.

Share