CVE-2024-8464
CVSS 3.1 Score 7.5 of 10 (high)
Details
Summary
CVE-2024-8464 is a SQL injection vulnerability affecting the product identified as 'tYxz11', where an attacker can manipulate the JOBREGID parameter in the /jobportal/admin/applicants/controller.php file to extract sensitive information from the database. The vulnerability's exploitability score is rated at 3.9, with a base severity classified as HIGH and a base score of 7.5, indicating significant potential risk to confidentiality without requiring user interaction or elevated privileges. To remediate this issue, developers should implement proper input validation and parameterized queries to prevent SQL injection attacks. If exploited, this vulnerability poses a considerable danger to organizations, as it could lead to data breaches involving confidential applicant information stored in the system. For more details, refer to advisory sources such as INCIBE-CERT.