CVE-2024-7026
CVSS 3.1 Score 7.5 of 10 (high)
Details
Published Nov 21, 2024
CWE ID 564
Summary
CVE-2024-7026 is a newly disclosed SQL Injection vulnerability affecting Teknogis Informatics' Closed Circuit Vehicle Tracking Software. The vulnerability enables attackers to inject malicious SQL commands, potentially leading to unauthorized access or data exfiltration. This issue is significant as it also supports Blind SQL Injection techniques, making it more challenging to detect and mitigate. Impacted versions of the software span through 21.11.2024. Regrettably, vendor response has been absent despite early disclosure efforts.
Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.
Share