CVE-2024-7117
CVSS 3.1 Score 8.8 of 10 (high)
Details
Summary
CVE-2024-7117 is a newly disclosed critical vulnerability affecting MD-MAFUJUL-HASAN Online-Payroll-Management-System up to September 11, 2023. The issue lies in an unknown function of the file /shift_viewmore.php, which can be exploited through SQL injection by manipulating the argument id. The vulnerability allows for remote attacks, and the exploit has already been made public. Unfortunately, due to the product's rolling release model, no specific version information for affected or updated releases is available. This vulnerability is identified as VDB-272448, and the vendor was contacted about the disclosure but did not respond.
Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.