CVE-2024-9080

CVSS 3.1 Score 9.8 of 10 (high)

Details

Published Sep 22, 2024
Updated: Sep 26, 2024
CWE ID 89

Summary

CVE-2024-9080 is a critical vulnerability affecting the Student Record System 1.0, specifically in the /pincode-verification.php file due to improper handling of input leading to SQL injection. This vulnerability allows remote attackers to manipulate the pincode argument, potentially compromising confidentiality and integrity of the system. The exploit requires no authentication and has a low attack complexity, making it easier for adversaries to execute. To remediate this issue, users should apply patches or updates provided by the vendor immediately. Organizations using the affected software should be vigilant, as exploitation could result in severe data breaches and operational disruptions.

Ligh bulbPrevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.

Share