CVE-2024-9091

CVSS 3.1 Score 7.3 of 10 (high)

Details

Published Sep 23, 2024
Updated: Sep 27, 2024
CWE ID 89

Summary

CVE-2024-9091 is a critical vulnerability found in the Student Record System 1.0, specifically affecting the file /index.php. The vulnerability allows for SQL injection through manipulation of the "regno" argument, which can potentially be exploited remotely without the need for user interaction or special privileges. The threat poses risks to an organization's data integrity and confidentiality, as attackers may access or manipulate sensitive information. To remediate this vulnerability, it is recommended to update to a patched version of the software, ensure proper input validation, and implement security measures to prevent SQL injection attacks. The exploit has been publicly disclosed, increasing the urgency for organizations using this product to address the issue promptly.

Ligh bulbPrevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.

Share