CVE-2024-57401
CVSS 3.1 Score 9.8 of 10 (high)
Details
Published Feb 20, 2025
Updated: Feb 21, 2025
CWE ID 94
Summary
CVE-2024-57401 is a SQL injection vulnerability in Uniclare Student portal versions 2 and prior. It allows remote attackers to execute arbitrary code via the Forgot Password function. By crafting input that is incorporated into SQL queries, an adversary can manipulate database operations, potentially leading to unauthorized access or system takeover. The vulnerability threatens data security and integrity and underlines the importance of timely updates and robust input validation.