CVE-2024-48813

CVSS 3.1 Score 8.8 of 10 (high)

Details

Published Oct 11, 2024
CWE ID 89

Summary

CVE-2024-48813 is an SQL injection vulnerability found in taskmatic version 1.0, specifically affecting the employee-management-system-php-and-mysql component. This flaw allows remote attackers to execute arbitrary code by manipulating the admin_id parameter in the /update-employee.php file. The vulnerability has a high severity rating, with a base score of 8.8, indicating significant risks to confidentiality, integrity, and availability of data. To remediate this issue, organizations should update to a patched version of the software and implement proper input validation measures to prevent SQL injection attacks. If exploited, this vulnerability could lead to unauthorized access and control over sensitive employee data within affected products.
