CVE-2024-8220

CVSS 3.1 Score 9.8 of 10 (high)

Details

Published Aug 27, 2024
Updated: Aug 29, 2024
CWE ID 89

Summary

CVE-2024-8220 is a critical vulnerability affecting the itsourcecode Tailoring Management System version 1.0, specifically within the staffedit.php file. This vulnerability allows for SQL injection through manipulation of parameters such as id, stafftype, address, fullname, phonenumber, and salary, which can be exploited remotely with no authentication required. The potential impact includes significant breaches in confidentiality and integrity, as well as availability concerns for the affected systems. It is recommended that organizations using this software update to a patched version or implement input validation measures to mitigate the risk. The exploit has been publicly disclosed, increasing the urgency for remediation efforts.
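One way to apply the input validation recommended above, together with bound query parameters, to the six parameters the summary names; this is an added example, not code from the Tailoring Management System or its vendor. The `staff` table, its columns, the validation patterns and both function names are assumptions, since the page does not show the application's schema or code.

```php
<?php
declare(strict_types=1);
// Added example: table/column names and patterns are assumptions, not the vendor's schema.

/** Check the six parameters named in the advisory; throws on anything unexpected. */
function validateStaffInput(array $in): array
{
    $rules = [
        'id'          => '/\A[1-9][0-9]{0,9}\z/',
        'stafftype'   => '/\A[A-Za-z ]{1,30}\z/',
        'fullname'    => '/\A[\p{L} .\'-]{1,100}\z/u',
        'address'     => '/\A[^\x00-\x1F]{1,255}\z/u',   // quotes allowed: binding handles them
        'phonenumber' => '/\A\+?[0-9 ()-]{7,20}\z/',
        'salary'      => '/\A[0-9]{1,9}(\.[0-9]{1,2})?\z/',
    ];
    $clean = [];
    foreach ($rules as $field => $pattern) {
        $value = $in[$field] ?? null;
        if (!is_string($value) || preg_match($pattern, $value) !== 1) {
            throw new InvalidArgumentException("invalid $field");
        }
        $clean[$field] = $value;
    }
    return $clean;
}

/** Values are bound as parameters, never concatenated into the SQL text. */
function updateStaff(PDO $db, array $in): int
{
    $stmt = $db->prepare(
        'UPDATE staff SET stafftype = :stafftype, fullname = :fullname, address = :address,
                phonenumber = :phonenumber, salary = :salary WHERE id = :id'
    );
    $stmt->execute(validateStaffInput($in));
    return $stmt->rowCount();
}

// Constructed demo data on in-memory SQLite (needs pdo_sqlite) so it runs offline.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE staff (id INTEGER PRIMARY KEY, stafftype, fullname, address, phonenumber, salary)');
$db->exec("INSERT INTO staff VALUES (1, 'Tailor', 'Old Name', 'Old Addr', '5550100', '100')");
$ok = ['id' => '1', 'stafftype' => 'Tailor', 'fullname' => "Ann O'Neil",
       'address' => "12 O'Neil St; Unit 4", 'phonenumber' => '+1 555 0100', 'salary' => '1200.50'];
echo updateStaff($db, $ok), " row(s) updated\n";
try {
    updateStaff($db, ['id' => '1 OR 1=1'] + $ok);   // non-numeric id fails validation
} catch (InvalidArgumentException $e) {
    echo 'rejected: ', $e->getMessage(), "\n";
}
```

The address field shows why validation alone is not the fix: legitimate values contain quotes and semicolons, so the bound parameters are what keep them from being parsed as SQL.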
