CVE-2024-8308

CVSS 3.1 Score 6.5 of 10 (medium)

Details

Published Nov 28, 2024
CWE ID 89

Summary

CVE-2024-8308 is a newly disclosed vulnerability that puts web applications at risk. A low privileged attacker can exploit this issue by injecting SQL commands into the application, taking advantage of the software's improper handling of HTTP request input data. As a result, the attacker gains the ability to exfiltrate all data stored in the affected database, posing a significant threat to privacy and data security. This vulnerability underscores the importance of input validation and sanitization techniques in web development to prevent SQL injection attacks.

Ligh bulbPrevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.

Share