CVE-2024-8339

CVSS 3.1 Score 9.8 of 10 (high)

Details

Published Aug 30, 2024
Updated: Sep 4, 2024
CWE ID 89

Summary

CVE-2024-8339 is a critical vulnerability affecting the SourceCodester Electric Billing Management System version 1.0, specifically within the Connection Code Handler component at the /?page=tracks endpoint. This vulnerability allows for SQL injection through manipulation of the argument code, which can be exploited remotely without requiring any user interaction or elevated privileges. The impact of this vulnerability is significant, with potential high confidentiality and integrity impacts as well as high availability impact, rated with a CVSS base score of 9.8. To remediate this issue, organizations should apply security patches provided by SourceCodester and review their database interactions to ensure proper input validation and escaping of special characters. Given its exploitability and the nature of SQL injection attacks, organizations using this system are at risk of unauthorized access to sensitive data and potential data loss.

Ligh bulbPrevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.

Share