CVE-2024-7800
CVSS 3.1 Score 7.5 of 10 (high)
Details
Summary
CVE-2024-7800 is a newly disclosed critical vulnerability in the SourceCodester Simple Online Bidding System 1.0. It is an SQL injection flaw in the file "/simple-online-bidding-system/bidding/admin/ajax.php?action=delete_product". By manipulating the argument id, an attacker can inject malicious SQL commands, potentially gaining unauthorized access to sensitive data or even executing admin actions. The attack can be initiated remotely, making this a significant threat to systems using this software. The exploit for this vulnerability has been made public, increasing the urgency for affected parties to apply the necessary patches.
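The fix for this class of bug in a delete_product-style handler is to allow-list the id as an integer and pass it as a bound parameter. The following is an added example, not code from the Simple Online Bidding System or from this advisory; the function name, the `products` table and its columns are assumptions, and an in-memory SQLite database with constructed rows stands in for the application's database so the example runs offline (PHP 8 with pdo_sqlite).

```php
<?php
declare(strict_types=1);

// Hypothetical hardened handler; names are assumptions, not the project's code.
function delete_product(PDO $db, mixed $rawId): array
{
    // 1. Allow-list: the id must be a positive integer and nothing else.
    //    Arrays, null, signs-only and strings with trailing SQL all fail here.
    $id = filter_var($rawId, FILTER_VALIDATE_INT, ['options' => ['min_range' => 1]]);
    if ($id === false) {
        return ['status' => 400, 'deleted' => 0];
    }

    // 2. Bound parameter: the value is sent separately from the SQL text,
    //    so it can never change the structure of the statement.
    $stmt = $db->prepare('DELETE FROM products WHERE id = :id');
    $stmt->bindValue(':id', $id, PDO::PARAM_INT);
    $stmt->execute();

    // 3. Report the outcome without echoing database errors to the client.
    $deleted = $stmt->rowCount();
    return ['status' => $deleted === 1 ? 200 : 404, 'deleted' => $deleted];
}

// Constructed sample data (assumed schema).
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE products (id INTEGER PRIMARY KEY, name TEXT)');
$db->exec("INSERT INTO products (id, name) VALUES (1, 'Lamp'), (2, 'Desk'), (3, 'Chair')");

// Constructed inputs: one valid id, then values that must be rejected.
$inputs = ['2', '2 OR 1=1', '-1', ['2'], '999'];
foreach ($inputs as $raw) {
    $result = delete_product($db, $raw);
    $left = (int) $db->query('SELECT COUNT(*) FROM products')->fetchColumn();
    printf(
        "id=%s status=%d deleted=%d rows_left=%d\n",
        json_encode($raw),
        $result['status'],
        $result['deleted'],
        $left
    );
}
```

Only the first input removes a row; the non-integer values are rejected before any SQL runs, and the unknown id returns 404 with the table unchanged.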