CVE-2024-7117

CVSS 3.1 Score 8.8 of 10 (high)

Details

Published Jul 26, 2024
Updated: Aug 8, 2024
CWE ID 89

Summary

CVE-2024-7117 is a newly disclosed critical vulnerability affecting MD-MAFUJUL-HASAN Online-Payroll-Management-System up to September 11, 2023. The issue lies in an unknown function of the file /shift_viewmore.php, which can be exploited through SQL injection by manipulating the argument id. The vulnerability allows for remote attacks, and the exploit has already been made public. Unfortunately, due to the product's rolling release model, no specific version information for affected or updated releases is available. This vulnerability is identified as VDB-272448, and the vendor was contacted about the disclosure but did not respond.

Ligh bulbPrevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.

Share