CVE-2024-8220
CVSS 3.1 Score 9.8 of 10 (high)
Details
Summary
CVE-2024-8220 is a critical vulnerability affecting the itsourcecode Tailoring Management System version 1.0, specifically within the staffedit.php file. This vulnerability allows for SQL injection through manipulation of parameters such as id, stafftype, address, fullname, phonenumber, and salary, which can be exploited remotely with no authentication required. The potential impact includes significant breaches in confidentiality and integrity, as well as availability concerns for the affected systems. It is recommended that organizations using this software update to a patched version or implement input validation measures to mitigate the risk. The exploit has been publicly disclosed, increasing the urgency for remediation efforts.