CVE-2024-7800

CVSS 3.1 Score 7.5 of 10 (high)

Details

Published Aug 15, 2024
Updated: Aug 19, 2024
CWE ID 89

Summary

CVE-2024-7800 is a newly disclosed critical vulnerability in the SourceCodester Simple Online Bidding System 1.0. The issue lies within the file "/simple-online-bidding-system/bidding/admin/ajax.php?action=delete_product" and stems from an SQL injection vulnerability. By manipulating the argument id, an attacker can inject malicious SQL commands, potentially gaining unauthorized access to sensitive data or even executing admin actions. Remotely initiated attacks are possible, making this a significant threat to systems using this software. The exploit for this vulnerability has been made public, increasing the urgency for affected parties to apply the necessary patches.

Ligh bulbPrevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.

Share