CVE-2024-8348

CVSS 3.1 Score 9.8 of 10 (high)

Details

Published Aug 30, 2024
Updated: Sep 4, 2024
CWE ID 89

Summary

CVE-2024-8348 is a critical vulnerability affecting the SourceCodester Computer Laboratory Management System version 1.0, specifically the delete_category function in /classes/Master.php. Manipulating the id argument leads to SQL injection, which remote attackers can exploit without authentication or user interaction. The potential impact on confidentiality, integrity, and availability of affected systems is high, and the CVSS base score of 9.8 reflects that severity. Organizations are advised to remediate this issue by updating or patching the affected software as soon as possible to mitigate the risk of exploitation. Further details and guidance can be found in associated advisories and databases such as those listed on vuldb.com.
