CVE-2024-8467

CVSS 3.1 Score 7.5 of 10 (high)

Details

Published Sep 5, 2024
Updated: Sep 6, 2024
CWE ID 89

Summary

CVE-2024-8467 is an SQL injection vulnerability affecting the product identified as 'tYxz11,' which allows attackers to exploit the 'id' parameter in the '/jobportal/admin/category/index.php' endpoint, potentially retrieving sensitive information stored in the database. The vulnerability is classified as having a high base severity score of 7.5 and can be exploited over the network without requiring user interaction or special privileges. Organizations are urged to remediate this issue by validating and sanitizing input parameters to prevent malicious queries from being executed. The risk posed by this vulnerability includes significant confidentiality impacts, exposing sensitive data to unauthorized users. For further details and guidance, organizations can refer to advisories such as those provided by INCIBE-CERT.

Ligh bulbPrevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.

Share