CVE-2024-48813
CVSS 3.1 Score 8.8 of 10 (high)
Details
Summary
CVE-2024-48813 is an SQL injection vulnerability found in taskmatic version 1.0, specifically affecting the employee-management-system-php-and-mysql component. This flaw allows remote attackers to execute arbitrary code by manipulating the admin_id parameter in the /update-employee.php file. The vulnerability has a high severity rating, with a base score of 8.8, indicating significant risks to confidentiality, integrity, and availability of data. To remediate this issue, organizations should update to a patched version of the software and implement proper input validation measures to prevent SQL injection attacks. If exploited, this vulnerability could lead to unauthorized access and control over sensitive employee data within affected products.
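One way to apply the input validation the summary recommends to the admin_id parameter, shown as an added example and not the project's own code. The table schema, the function names and the in-memory SQLite database (standing in for MySQL, requires the pdo_sqlite extension) are assumptions; only the admin_id parameter name comes from the advisory.

```php
<?php
// Added example: hypothetical handler logic, not taken from the affected project.
declare(strict_types=1);

// Constructed stand-in for the application's database (assumed schema).
function demo_db(): PDO {
    $pdo = new PDO('sqlite::memory:');
    $pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
    $pdo->exec('CREATE TABLE employees (admin_id INTEGER PRIMARY KEY, name TEXT)');
    $pdo->exec("INSERT INTO employees VALUES (1, 'alice'), (2, 'bob')");
    return $pdo;
}

// Accept only a canonical positive integer; anything else is rejected.
function parse_admin_id($raw): ?int {
    if (!is_string($raw)) {
        return null; // e.g. an array sent as admin_id[]=...
    }
    $id = filter_var($raw, FILTER_VALIDATE_INT, ['options' => ['min_range' => 1]]);
    return $id === false ? null : $id;
}

// Returns the number of rows updated, or -1 when admin_id is invalid
// (the HTTP layer should answer 400 in that case).
function update_employee(PDO $pdo, $rawId, string $name): int {
    $id = parse_admin_id($rawId);
    if ($id === null) {
        return -1;
    }
    // Values are bound as parameters and never concatenated into the SQL text.
    $stmt = $pdo->prepare('UPDATE employees SET name = :name WHERE admin_id = :id');
    $stmt->bindValue(':name', $name, PDO::PARAM_STR);
    $stmt->bindValue(':id', $id, PDO::PARAM_INT);
    $stmt->execute();
    return $stmt->rowCount();
}

$pdo = demo_db();
// Constructed inputs: one valid id, then malformed values that must be refused.
foreach (['2', '2 OR 1=1', "1'--", '', '0'] as $raw) {
    printf("%-12s => %d\n", var_export($raw, true), update_employee($pdo, $raw, 'renamed'));
}
```

Validation and parameter binding are layered on purpose: the bound statement keeps the query structure fixed even if a validation rule is later loosened.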