CVE-2024-9294

CVSS 3.1 Score 6.3 of 10 (medium)

Details

Published Sep 27, 2024
Updated: Sep 30, 2024
CWE ID 89

Summary

CVE-2024-9294 is a critical vulnerability affecting dingfanzu CMS up to version 29d67d9044f6f93378e6eb6ff92272217ff7225c. The file saveNewPwd.php is susceptible to SQL injection through manipulation of the username argument. The vulnerability can be exploited remotely, with low complexity and no user interaction required, allowing attackers to compromise the integrity and confidentiality of the database. It has a base score of 6.3 in CVSS version 3.1, indicating medium severity and potential impact on data availability and integrity. To remediate this issue, it is recommended that organizations update their dingfanzu CMS installations to incorporate secure coding practices that prevent SQL injection vulnerabilities. Continuous monitoring and applying security patches as they become available are essential to mitigating the risks associated with exploitation.
