CVE-2024-53604
CVSS 3.1 Score 9.8 of 10 (high)
Details
Summary
CVE-2024-53604 is a newly discovered SQL Injection vulnerability affecting the PHPGurukul COVID 19 Testing Management System version 1.0. The vulnerability lies in the /covid-tms/check_availability.php file, where an attacker can exploit the mobnumber POST request parameter to inject malicious SQL queries. This allows the attacker to gain unauthorized access to the system and execute arbitrary code remotely. Successful exploitation could lead to serious data breaches or even system takeover, posing a significant threat to organizations using this software. It is crucial for users to apply the available patch or upgrade to a secure version to mitigate this risk.
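The class of fix for a lookup keyed on a request parameter such as mobnumber is allow-list validation plus a bound parameter. The following is an added example, not code from PHPGurukul or from the original page; the patients table, mobile column, 10-digit format and function names are assumptions, and it uses PDO with an in-memory SQLite database only so that it runs offline.

```php
<?php
declare(strict_types=1);

// Hypothetical schema: the application's real table and column names are not
// given on the page, so "patients" and "mobile" are placeholders.
function makeDemoDb(): PDO
{
    $pdo = new PDO('sqlite::memory:');
    $pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
    $pdo->exec('CREATE TABLE patients (id INTEGER PRIMARY KEY, mobile TEXT UNIQUE)');
    $pdo->exec("INSERT INTO patients (mobile) VALUES ('9876543210')"); // constructed row
    return $pdo;
}

// Returns true when the number is already registered, false when it is free.
// Throws InvalidArgumentException when the value is not a plain mobile number.
function mobileIsRegistered(PDO $pdo, string $mobnumber): bool
{
    // Allow-list validation (assumed format: exactly 10 ASCII digits).
    // \A and \z anchor the whole string, so a trailing newline is rejected too.
    if (preg_match('/\A[0-9]{10}\z/', $mobnumber) !== 1) {
        throw new InvalidArgumentException('mobnumber must be exactly 10 digits');
    }

    // The value is bound as data; it is never concatenated into the SQL text,
    // so it cannot change the structure of the statement.
    $stmt = $pdo->prepare('SELECT 1 FROM patients WHERE mobile = :mobile LIMIT 1');
    $stmt->execute([':mobile' => $mobnumber]);
    return $stmt->fetchColumn() !== false;
}

// Constructed inputs: a registered number, a free number, and a value carrying
// SQL metacharacters of the kind the mobnumber parameter must not accept.
$pdo = makeDemoDb();
$samples = ['9876543210', '9123456780', "9876543210' OR '1'='1"];
foreach ($samples as $input) {
    try {
        $result = mobileIsRegistered($pdo, $input) ? 'registered' : 'available';
    } catch (InvalidArgumentException $e) {
        $result = 'rejected: ' . $e->getMessage();
    }
    printf("%-26s => %s\n", $input, $result);
}
```

In a real request handler the same function would receive the POST value for mobnumber, and a rejected value should produce a generic error response and a log entry rather than a database error message.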