CVE-2024-7797

CVSS 3.1 Score 9.8 of 10 (high)

Details

Published Aug 15, 2024
Updated: Aug 19, 2024
CWE ID 89

Summary

CVE-2024-7797 is a newly disclosed critical vulnerability affecting the SourceCodester Simple Online Bidding System 1.0. This issue lies within an unknown function of the file "/simple-online-bidding-system/bidding/admin/ajax.php?action=login." An attacker can exploit this vulnerability through manipulation of the argument "username," which leads to SQL injection. The vulnerability allows for remote attacks and has been publicly disclosed, increasing the risk of exploitation. System administrators are urged to patch their installations as soon as possible to mitigate the threat.

Ligh bulbPrevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.

Share