CVE-2024-54842

CVSS 3.1 Score 9.8 of 10 (high)

Details

Published Dec 12, 2024
CWE ID 89

Summary

CVE-2024-54842 is a newly discovered SQL injection vulnerability affecting the phpgurukul Online Nurse Hiring System v1.0. The issue lies in the /admin/password-recovery.php file and can be exploited through the mobileno parameter. An attacker can inject malicious SQL commands to gain unauthorized access to sensitive data or perform destructive operations on the database. This vulnerability poses a serious threat to the confidentiality and integrity of the affected system and requires immediate remediation. Users are advised to upgrade to the latest version of the software or implement suitable security measures to prevent attacks.

Ligh bulbPrevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.

Share