CVE-2024-48245

CVSS 3.1 Score 7.2 of 10 (high)

Details

Published Jan 7, 2025

CWE ID 89

Summary

CVE-2024-48245 is a new SQL Injection vulnerability affecting Vehicle Management System 1.0. This issue allows unauthenticated guests to manipulate vulnerable POST parameters during administrative actions like booking a vehicle or confirming a reservation. The exploit can be carried out on /newvehicle.php and /newdriver.php pages by targeting parameters such as "Booking ID", "Action Name", and "Payment Confirmation ID". This vulnerability poses a significant risk, as attackers can inject malicious SQL queries to access, modify, or delete sensitive data. Users are strongly advised to patch their systems as soon as possible to mitigate this threat.

Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.

Share

Affected Products

Vehicle Management System

Advisories, Assessments, and Mitigations

Back to Vulnerability Database

Platform Features

Products

Use Cases

Teams

Industries

Services

Threats to the 2025 NATO Summit

Artificial Eyes: Generative AI in China’s Military Intelligence

GrayAlpha Uses Diverse Infection Vectors to Deploy PowerNet Loader and NetSupport RAT

Know What Matters

For Customers

For Partners