CVE-2024-8339
CVSS 3.1 Score 9.8 of 10 (high)
Details
Summary
CVE-2024-8339 is a critical vulnerability affecting the SourceCodester Electric Billing Management System version 1.0, specifically within the Connection Code Handler component at the /?page=tracks endpoint. This vulnerability allows for SQL injection through manipulation of the argument code, which can be exploited remotely without requiring any user interaction or elevated privileges. The impact of this vulnerability is significant, with potential high confidentiality and integrity impacts as well as high availability impact, rated with a CVSS base score of 9.8. To remediate this issue, organizations should apply security patches provided by SourceCodester and review their database interactions to ensure proper input validation and escaping of special characters. Given its exploitability and the nature of SQL injection attacks, organizations using this system are at risk of unauthorized access to sensitive data and potential data loss.
Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.