CVE-2024-54921

CVSS 3.1 Score 9.8 of 10 (high)

Details

Published Dec 9, 2024
Updated: Dec 11, 2024
CWE ID 89

Summary

CVE-2024-54921 is a newly disclosed SQL Injection vulnerability affecting the student_signup.php script in the outdated kashipara E-learning Management System version 1.0. This issue enables remote attackers to inject malicious SQL commands into the application's input fields, including the username, first name, last name, and class ID parameters. By exploiting this flaw, attackers can unauthorizedly access the underlying database, potentially gaining sensitive data or even complete system control. This vulnerability underscores the importance of keeping software up to date and implementing robust input validation techniques to protect against SQL Injection attacks.

Ligh bulbPrevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.

Share

Affected Products

  • E-Learning Management System

Affected Vendors

  • Kashipara