CVE-2024-54932

CVSS 3.1 Score 9.8 of 10 (high)

Details

Published Dec 9, 2024
Updated: Dec 12, 2024
CWE ID 89

Summary

CVE-2024-54932 is a newly disclosed vulnerability affecting the Kashipara E-learning Management System version 1.0. The issue lies in the /admin/delete_department.php file, which is susceptible to SQL Injection attacks. An attacker can exploit this vulnerability by injecting malicious SQL statements into the input fields, potentially gaining unauthorized access to sensitive data or even taking control of the affected system. System administrators are advised to patch their installations with the latest version of the E-learning Management System to mitigate this risk. Failure to do so may result in data breaches or unintended system modifications.

Ligh bulbPrevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.

Share

Affected Products

  • E-Learning Management System

Affected Vendors

  • Kashipara