CVE-2024-53604

CVSS 3.1 Score 9.8 of 10 (high)

Details

Published Nov 27, 2024
Updated: Nov 29, 2024
CWE ID 94

Summary

CVE-2024-53604 is a newly discovered SQL Injection vulnerability affecting the PHPGurukul COVID 19 Testing Management System version 1.0. The vulnerability lies in the /covid-tms/check_availability.php file, where an attacker can exploit the mobnumber POST request parameter to inject malicious SQL queries. This allows the attacker to gain unauthorized access to the system and execute arbitrary code remotely. Successful exploitation could lead to serious data breaches or even system takeover, posing a significant threat to organizations using this software. It is crucial for users to apply the available patch or upgrade to a secure version to mitigate this risk.
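The class of flaw described above, shown as an added illustration rather than code from the PHPGurukul project: a mobnumber availability check written with string concatenation, next to an allow-listed and parameter-bound form. The table name, column name, function names, the 10-digit format rule and the sample inputs are all assumptions made for this example, and it runs offline against an in-memory SQLite database through PDO.

```php
<?php
// Added illustration: schema, function names and inputs are hypothetical,
// not taken from the PHPGurukul source. Uses in-memory SQLite via PDO.
declare(strict_types=1);

$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE patients (id INTEGER PRIMARY KEY, mobnumber TEXT)');
$db->exec("INSERT INTO patients (mobnumber) VALUES ('9876543210')"); // constructed row

// Weak pattern: the request value is concatenated into the SQL text,
// so quote characters in it change the structure of the query.
function isRegisteredConcat(PDO $db, string $mob): bool
{
    $sql = "SELECT COUNT(*) FROM patients WHERE mobnumber = '" . $mob . "'";
    return (int) $db->query($sql)->fetchColumn() > 0;
}

// Hardened pattern: allow-list the format (assumed here to be 10 digits),
// then bind the value so the driver always treats it as data.
function isRegisteredBound(PDO $db, string $mob): bool
{
    if (preg_match('/^[0-9]{10}$/', $mob) !== 1) {
        throw new InvalidArgumentException('mobnumber must be 10 digits');
    }
    $stmt = $db->prepare('SELECT COUNT(*) FROM patients WHERE mobnumber = :mob');
    $stmt->execute([':mob' => $mob]);
    return (int) $stmt->fetchColumn() > 0;
}

// Constructed inputs standing in for $_POST['mobnumber'].
$inputs = ['9876543210', '0000000000', "0000000000' OR '1'='1"];
foreach ($inputs as $mob) {
    $weak = isRegisteredConcat($db, $mob) ? 'registered' : 'available';
    try {
        $safe = isRegisteredBound($db, $mob) ? 'registered' : 'available';
    } catch (InvalidArgumentException $e) {
        $safe = 'rejected: ' . $e->getMessage();
    }
    printf("%-24s concat=%-10s bound=%s\n", $mob, $weak, $safe);
}
```

The third input is an unregistered number with a quote-bearing suffix: the concatenated query reports it as registered because the suffix becomes part of the WHERE clause, while the bound form rejects it before any SQL is executed.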
