CVE-2024-54932
CVSS 3.1 Score 9.8 of 10 (high)
Details
Summary
CVE-2024-54932 is a newly disclosed vulnerability affecting the Kashipara E-learning Management System version 1.0. The issue lies in the /admin/delete_department.php file, which is susceptible to SQL Injection attacks. An attacker can exploit this vulnerability by injecting malicious SQL statements into the input fields, potentially gaining unauthorized access to sensitive data or even taking control of the affected system. System administrators are advised to patch their installations with the latest version of the E-learning Management System to mitigate this risk. Failure to do so may result in data breaches or unintended system modifications.
Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.
Affected Products
- E-Learning Management System
Affected Vendors
- Kashipara