CVE-2024-55988

CVSS 3.1 Score 9.3 of 10 (high)

Details

Published Dec 16, 2024

CWE ID 89

Summary

CVE-2024-55988 is a newly disclosed SQL Injection vulnerability affecting the Navayan CSV Export software, version n/a through 1.0.9. An attacker can exploit this weakness by introducing malicious SQL commands, which are not properly neutralized during processing. This results in Blind SQL Injection, allowing attackers to access and manipulate data without the need for explicit knowledge of the database structure or content. The vulnerability poses a significant risk, as it can enable unauthorized data access, modification, or even complete system takeover. Users are strongly advised to update their Navayan CSV Export software to a patched version as soon as possible to mitigate this risk.

Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.

Share

Advisories, Assessments, and Mitigations

Back to Vulnerability Database