CVE-2024-51327

CVSS 3.1 Score 9.8 of 10 (high)

Details

Published Nov 4, 2024
Updated: Nov 6, 2024
CWE ID 89

Summary

CVE-2024-51327 is a new SQL injection vulnerability that has been identified in the loginform.php component of ProjectWorld's Travel Management System version 1.0. Attackers can exploit this weakness to bypass the authentication process by injecting malicious SQL code into the 'username' and 'password' fields. This may enable unauthorized access to sensitive information or even take control of the affected system. SQL injection attacks are a common method used by cybercriminals to gain unauthorized access to databases, and they can have serious consequences for both the organization and its customers. It is recommended that users of ProjectWorld's Travel Management System v1.0 upgrade to the latest version as soon as possible to mitigate this risk.

Ligh bulbPrevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.

Share