CVE-2024-55496

CVSS 3.1 Score 9.1 of 10 (high)

Details

Published Dec 17, 2024

Updated: Dec 20, 2024

CWE ID 89

Summary

CVE-2024-55496 is a newly discovered vulnerability affecting the 1000projects Bookstore Management System PHP MySQL Project 1.0. The issue lies within the functionality of the add_company.php file, specifically with the delete parameter. An attacker can exploit this vulnerability to inject SQL code, potentially gaining unauthorized access or ability to manipulate data within the system. This SQL injection flaw poses a significant risk to the security and integrity of the affected application. It is essential that users of this software update to a patched version to mitigate this vulnerability.

Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.

https://app.recordedfuture.com/live/sc/entity/1T05Bf
https://www.cve.org/CVERecord?id=CVE-2024-55496
https://nvd.nist.gov/vuln/detail/CVE-2024-55496

Back to Vulnerability Database

CVE-2024-55496

CVSS 3.1 Score 9.1 of 10 (high)

Details

Summary

Advisories, Assessments, and Mitigations