CVE-2024-8150

CVSS 3.1 Score 4.7 of 10 (medium)

Details

Published Aug 25, 2024
Updated: Aug 26, 2024
CWE ID 89

Summary

CVE-2024-8150 is a SQL injection vulnerability (CWE-89) in ContiNew Admin version 3.2.0. It affects the API endpoint /api/system/user?deptId=1&page=1&size=10, where improper handling of the "sort" argument leads to SQL injection. The vulnerability can be exploited remotely and could compromise the integrity and confidentiality of data in affected systems, including unauthorized access to sensitive information and manipulation of database content. Remediation steps include updating to a patched version of the software or implementing input validation to mitigate the risk of SQL injection attacks. The vendor was notified early but has not responded regarding this issue, raising concerns about timely support for users affected by the vulnerability.
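The input validation mentioned above, sketched for a "sort" argument as an added example (not ContiNew Admin code): ORDER BY identifiers cannot be bound as query parameters, so the value is mapped through an allowlist instead of being concatenated. The "field,direction" format, the sys_user table, and all column and function names are assumptions made for illustration.

```python
import sqlite3

# Assumption: sort arrives as "field,direction", e.g. "createTime,desc".
# Client-facing field names map to fixed column names; nothing else reaches SQL.
SORTABLE = {"id": "id", "username": "username", "createTime": "create_time"}
DIRECTIONS = {"asc": "ASC", "desc": "DESC"}


def build_order_by(sort, default="id,asc"):
    """Return an ORDER BY clause made only of allowlisted tokens."""
    raw = sort if sort else default
    field, _, direction = raw.partition(",")
    column = SORTABLE.get(field.strip())
    keyword = DIRECTIONS.get((direction or "asc").strip().lower())
    if column is None or keyword is None:
        # Reject instead of trying to sanitise the input.
        raise ValueError(f"unsupported sort value: {raw!r}")
    return f"ORDER BY {column} {keyword}"


def list_users(conn, dept_id, sort=None, page=1, size=10):
    """Paged user listing; values are bound, only the vetted clause is inlined."""
    order_by = build_order_by(sort)
    size = max(1, min(int(size), 100))
    offset = (max(1, int(page)) - 1) * size
    sql = ("SELECT id, username FROM sys_user "
           f"WHERE dept_id = ? {order_by} LIMIT ? OFFSET ?")
    return conn.execute(sql, (dept_id, size, offset)).fetchall()


def make_demo_db():
    """In-memory table with constructed sample rows (hypothetical schema)."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE sys_user "
                 "(id INTEGER, username TEXT, dept_id INTEGER, create_time TEXT)")
    conn.executemany("INSERT INTO sys_user VALUES (?, ?, ?, ?)", [
        (1, "alice", 1, "2024-01-02"),
        (2, "bob", 1, "2024-01-03"),
        (3, "carol", 2, "2024-01-01"),
    ])
    return conn


if __name__ == "__main__":
    db = make_demo_db()
    print(list_users(db, 1, "createTime,desc"))
    for bad in ("username desc", "id,(select 1)"):  # constructed invalid values
        try:
            list_users(db, 1, bad)
        except ValueError as exc:
            print("rejected:", exc)
```
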
