CVE-2024-9201

CVSS 3.1 Score 9.4 of 10 (high)

Details

Published Oct 10, 2024
CWE ID 89

Summary

CVE-2024-9201 identifies a critical vulnerability in the SEUR plugin, affecting versions prior to 2.5.11, which is susceptible to time-based SQL injection via the ‘id_order’ parameter at the ‘/modules/seur/ajax/saveCodFee.php’ endpoint. Affected products include various versions labeled as zXQp5e, zWXBAA, zWXBAB, among others. This vulnerability poses significant risks to organizations due to its high potential for compromising both confidentiality and integrity, with an exploitability score of 3.9 and a CVSS base score of 9.4. To remediate this issue, organizations should update the SEUR plugin to version 2.5.11 or later. The attack vector is network-based and does not require user interaction or elevated privileges, making it particularly concerning for exposed systems.

Ligh bulbPrevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.

Share