CVE-2024-52724

CVSS 3.1 Score 9.8 of 10 (high)

Details

Published Dec 2, 2024
Updated: Dec 3, 2024
CWE ID 89

Summary

CVE-2024-52724 refers to a recently discovered SQL injection vulnerability in the ZZCMS 2023 content management system. The flaw is located in the /q/show.php file, which unfortunately leaves this part of the software open to attack. Malicious actors can exploit the issue by injecting malicious SQL commands into the input fields, enabling them to extract, modify, or delete sensitive data from the database. This kind of vulnerability can lead to serious security breaches and unauthorized access, underscoring the importance of keeping all software up-to-date with the latest security patches.

Ligh bulbPrevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.

Share