CVE-2024-57587

CVSS 3.1 Score 7.5 of 10 (high)

Details

Published Jan 31, 2025
Updated: Feb 7, 2025
CWE ID 89

Summary

CVE-2024-57587 is a newly disclosed SQL injection vulnerability affecting EasyVirt DCScope version 8.6.0 and CO2Scope version 1.3.0. The flaw is in the /api/auth/login endpoint: an attacker can inject malicious SQL commands through either the username or the password parameter. No authentication is required, so remote adversaries can execute arbitrary SQL commands and potentially gain unauthorized access to sensitive data. The issue poses a significant risk, and users should urgently apply available patches or updates to mitigate it.
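The bug class described above (CWE-89 in a login query, reachable through both request fields), shown as an added example that is not code from EasyVirt or from this advisory. The table schema, function names and sample inputs are constructed for illustration, and an in-memory SQLite database stands in for the product's unknown backend.

```python
import hmac
import sqlite3

def make_db():
    """Constructed single-user table; schema is hypothetical, not the product's."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE users (username TEXT PRIMARY KEY, password TEXT)")
    db.execute("INSERT INTO users VALUES ('admin', 'constructed-secret')")
    return db

def login_concatenated(db, username, password):
    """Flawed pattern: both request fields become part of the SQL text."""
    sql = ("SELECT username FROM users WHERE username = '" + username +
           "' AND password = '" + password + "'")
    try:
        row = db.execute(sql).fetchone()
    except sqlite3.Error:
        return None  # malformed SQL produced by the input
    return row[0] if row else None

def login_parameterized(db, username, password):
    """Corrected pattern: fixed SQL text, the username bound as a parameter,
    and the password compared outside the query in constant time."""
    row = db.execute("SELECT username, password FROM users WHERE username = ?",
                     (username,)).fetchone()
    if row and hmac.compare_digest(row[1].encode(), password.encode()):
        return row[0]
    return None

# Constructed regression inputs: a valid login, a wrong password, and one
# quote-bearing value in each field named by the advisory.
CASES = {
    "valid": ("admin", "constructed-secret"),
    "wrong_password": ("admin", "wrong"),
    "quote_in_password": ("admin", "x' OR '1'='1"),
    "quote_in_username": ("admin' --", "y"),
}

def run_cases():
    """Return {case: (concatenated_result, parameterized_result)}."""
    db = make_db()
    return {name: (login_concatenated(db, u, p), login_parameterized(db, u, p))
            for name, (u, p) in CASES.items()}

if __name__ == "__main__":
    for name, result in run_cases().items():
        print(f"{name:20} concatenated={result[0]!r:8} parameterized={result[1]!r}")
```

The two quote-bearing cases are the ones worth keeping as regression tests after patching: a fixed login handler must reject both.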
