CVE-2024-8138
CVSS 3.1 Score 9.8 of 10 (high)
Details
Summary
CVE-2024-8138 is a critical vulnerability found in the Pharmacy Management System 1.0, specifically within the editManager function of the /index.php?action=editManager file, which is susceptible to SQL injection due to improper argument handling. The vulnerability allows remote attackers to exploit the system without requiring any privileges or user interaction, posing significant risks to data integrity and confidentiality. Remediation steps have not been clearly outlined due to the product's continuous delivery model, which does not provide specific version details for affected or updated releases. Given its high impact score of 9.8 and low attack complexity, organizations using this software should prioritize immediate action to secure their systems against potential exploitation. Continuous monitoring for updates from the vendor is recommended as public disclosure of the exploit has already occurred.
Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.