CVE-2024-54924
CVSS 3.1 Score 9.8 of 10 (high)
Details
Summary
CVE-2024-54924: A SQL Injection vulnerability was identified in the /admin/edit_content.php file of the kashipara E-learning Management System v1.0. This issue permits remote attackers to execute arbitrary SQL commands by manipulating the title and content parameters, granting unauthorized database access. This vulnerability poses a significant risk, as attackers can exploit it to extract sensitive information or even take control of the system. It is crucial for users of this E-learning Management System to apply the necessary patches or upgrades as soon as possible to mitigate this threat.
Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.
Affected Products
- E-Learning Management System
Affected Vendors
- Kashipara