CVE-2024-8327

CVSS 3.1 Score 8.8 of 10 (high)

Details

Published Aug 30, 2024
Updated: Sep 4, 2024
CWE ID 89

Summary

CVE-2024-8327 identifies a vulnerability in the Online Learning and Testing Platform developed by HWA JIUH DIGITAL TECHNOLOGY, where improper validation of a specific page parameter allows remote attackers with low privileges to execute arbitrary SQL commands. This flaw can enable attackers to read, modify, and delete content from the database, posing a high risk to an organization’s data integrity and confidentiality. Affected products include the platform associated with ID 'yLCBPB', and remediation steps should focus on enhancing input validation mechanisms to prevent SQL injection attacks. The vulnerability has an exploitability score of 2.8 and a base severity rating of high (8.8) on the CVSS scale, indicating significant potential impact with low attack complexity. Organizations should prioritize addressing this vulnerability to mitigate risks associated with unauthorized database access and data manipulation.

Ligh bulbPrevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.

Share