CVE-2024-8301

CVSS 3.1 Score 7.3 of 10 (high)

Details

Published Aug 29, 2024
Updated: Aug 30, 2024
CWE ID 89

Summary

CVE-2024-8301 is a critical vulnerability affecting dingfanzu CMS versions up to commit 29d67d9044f6f93378e6eb6ff92272217ff7225c, specifically in the file /ajax/checkin.php. This flaw allows for SQL injection through manipulation of the "username" argument, which can be exploited remotely without requiring authentication or user interaction. The vulnerability poses potential risks to data integrity and confidentiality, with a CVSS base score of 7.3 indicating high severity. To remediate this issue, organizations are advised to monitor for updates from the vendor or apply mitigations against SQL injection attacks. The vendor was notified about this vulnerability but did not respond prior to public disclosure.
