CVE-2024-50970
CVSS 3.1 Score 8.8 of 10 (high)
Details
Published Nov 13, 2024
Updated: Nov 14, 2024
CWE ID 89
Summary
CVE-2024-50970 is a newly disclosed SQL injection vulnerability that affects the Itsourcecode Online Furniture Shopping Project 1.0, specifically the orderview1.php file. This issue enables remote attackers to inject and execute malicious SQL commands by manipulating the id parameter. Successful exploitation could result in unauthorized data access, modification, or even system takeover. It is recommended that affected users immediately apply the necessary patches to mitigate this risk.
Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.
Share