CVE-2024-54923
CVSS 3.1 Score 9.8 of 10 (high)
Details
Published Dec 9, 2024
Updated: Dec 11, 2024
CWE ID 89
Summary
CVE-2024-54923 is a newly disclosed SQL Injection vulnerability affecting the kashipara E-learning Management System version 1.0. The issue is located in the /admin/edit_teacher.php file, where the department parameter is susceptible to attacker manipulation. Successful exploitation grants remote attackers the ability to execute arbitrary SQL commands, resulting in unauthorized database access. This vulnerability poses a significant risk and requires immediate attention and patching to mitigate potential data breaches.
Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.
Share
Affected Products
- E-Learning Management System
Affected Vendors
- Kashipara