CVE-2024-50835

Summary

CVE-2024-50835 is a newly discovered SQL injection vulnerability affecting the KASHIPARA E-learning Management System Project 1.0. The vulnerability is located in the /admin/edit_student.php file and can be exploited through the cys, un, ln, fn, and id parameters. An attacker can inject malicious SQL queries into these parameters, potentially gaining unauthorized access to sensitive data or making unintended modifications. This issue poses a significant risk to organizations using this outdated software, as attackers can easily exploit it to compromise the system and steal or manipulate data. It is strongly recommended that users update to the latest version of the software or implement appropriate security measures to mitigate this vulnerability.

Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.