CVE-2024-7026

CVSS 3.1 Score 7.5 of 10 (high)

Details

Published Nov 21, 2024
CWE ID 564

Summary

CVE-2024-7026 is a newly disclosed SQL Injection vulnerability affecting Teknogis Informatics' Closed Circuit Vehicle Tracking Software. The vulnerability enables attackers to inject malicious SQL commands, potentially leading to unauthorized access or data exfiltration. This issue is significant as it also supports Blind SQL Injection techniques, making it more challenging to detect and mitigate. Impacted versions of the software span through 21.11.2024. Regrettably, vendor response has been absent despite early disclosure efforts.

Ligh bulbPrevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.

Share