CVE-2024-54924

CVSS 3.1 Score 9.8 of 10 (high)

Details

Published Dec 9, 2024
Updated: Dec 11, 2024
CWE ID 89

Summary

CVE-2024-54924: A SQL Injection vulnerability was identified in the /admin/edit_content.php file of the kashipara E-learning Management System v1.0. This issue permits remote attackers to execute arbitrary SQL commands by manipulating the title and content parameters, granting unauthorized database access. This vulnerability poses a significant risk, as attackers can exploit it to extract sensitive information or even take control of the system. It is crucial for users of this E-learning Management System to apply the necessary patches or upgrades as soon as possible to mitigate this threat.

Ligh bulbPrevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.

Share

Affected Products

  • E-Learning Management System

Affected Vendors

  • Kashipara