CVE-2024-52474
CVSS 3.1 Score 9.3 of 10 (high)
Details
Summary
CVE-2024-52474 is a newly disclosed SQL Injection vulnerability affecting the LLC "TriIncom" Express Payments Module. The flaw permits Blind SQL Injection, meaning an attacker can inject malicious SQL statements without directly viewing the response. This vulnerability exists due to improper neutralization of special elements used in SQL commands. The Express Payments Module, from an unknown version up to and including 1.1.8, is reportedly impacted by this issue. Successful exploitation could potentially lead to unauthorized access, data theft, or system disruption.
Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.