CVE-2024-8945

CVSS 3.1 Score 5.5 of 10 (medium)

Details

Published Sep 17, 2024
Updated: Sep 20, 2024
CWE ID 89

Summary

CVE-2024-8945 is a critical vulnerability discovered in CodeCanyon RISE Ultimate Project Manager version 3.7.0, which allows for SQL injection via manipulation of the 'id' argument in the /index.php/dashboard/save file. This vulnerability can be exploited remotely, posing a risk to the confidentiality and integrity of data managed by affected organizations. The recommended remediation is to upgrade to a secure version of the software to mitigate potential attacks. The vulnerability has been publicly disclosed and may already be leveraged by malicious actors due to its low complexity and required user interaction. Organizations should assess their exposure and take prompt action to safeguard their systems against this threat.

Ligh bulbPrevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.

Share