CVE-2024-9011

CVSS 3.1 Score 9.8 of 10 (high)

Details

Published Sep 20, 2024
Updated: Sep 25, 2024
CWE ID 89

Summary

CVE-2024-9011 is a critical vulnerability found in the Crud Operation System 1.0, specifically in the updata.php file, where an SQL injection can be exploited through manipulation of the 'sid' argument. This vulnerability allows remote attackers to potentially gain unauthorized access and manipulate data, posing significant risks to confidentiality, integrity, and availability of affected systems. No special privileges or user interaction are required to exploit this flaw, emphasizing its severity with a CVSS base score of 9.8. Organizations using this software are urged to remediate the issue by applying patches or implementing input validation measures to prevent SQL injection attacks. The exploit has been publicly disclosed, increasing the urgency for affected parties to address this vulnerability promptly.
