CVE-2024-8138

CVSS 3.1 Score 9.8 of 10 (high)

Details

Published Aug 25, 2024
Updated: Aug 27, 2024
CWE ID 89

Summary

CVE-2024-8138 is a critical vulnerability found in the Pharmacy Management System 1.0, specifically within the editManager function of the /index.php?action=editManager file, which is susceptible to SQL injection due to improper argument handling. The vulnerability allows remote attackers to exploit the system without requiring any privileges or user interaction, posing significant risks to data integrity and confidentiality. Remediation steps have not been clearly outlined due to the product's continuous delivery model, which does not provide specific version details for affected or updated releases. Given its high impact score of 9.8 and low attack complexity, organizations using this software should prioritize immediate action to secure their systems against potential exploitation. Continuous monitoring for updates from the vendor is recommended as public disclosure of the exploit has already occurred.

Ligh bulbPrevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.

Share