CVE-2024-7934

CVSS 3.1 Score 9.8 of 10 (high)

Details

Published Aug 19, 2024
Updated: Aug 23, 2024
CWE ID 89

Summary

CVE-2024-7934 is a critical vulnerability affecting the itsourcecode Project Expense Monitoring System version 1.0. The flaw is in the execute.php file, which is susceptible to SQL injection due to improper handling of the 'code' argument. The vulnerability can be exploited remotely without user interaction or elevated privileges, leading to significant risks including unauthorized access to sensitive data and potential compromise of system integrity. Affected products include 'x4-eFr' and 'x-PxYY'. To remediate this vulnerability, organizations should apply patches or updates provided by the vendor and review security configurations related to database queries. The severity of this vulnerability is underscored by a CVSS base score of 9.8, indicating a high likelihood of exploitation with serious impacts on confidentiality, integrity, and availability.
