CVE-2024-8346
CVSS 3.1 Score 9.8 of 10 (high)
Details
Summary
CVE-2024-8346 is a critical vulnerability identified in the SourceCodester Computer Laboratory Management System version 1.0, specifically within the update_settings_info function of the /classes/SystemSettings.php file. This vulnerability allows for SQL injection through manipulation of the "name" argument, enabling remote attackers to exploit it without authentication. The potential impact includes high risks to confidentiality, integrity, and availability of data within affected systems. To mitigate this vulnerability, users are advised to patch or update their systems as soon as a fix becomes available from the vendor. Failure to address this issue may expose organizations to significant security breaches and data loss.
Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.