CVE-2024-9328

CVSS 3.1 Score 9.8 of 10 (high)

Details

Published Sep 29, 2024
Updated: Oct 1, 2024
CWE ID 89

Summary

CVE-2024-9328 is a critical vulnerability in SourceCodester Advocate Office Management System 1.0. The file /control/edit_client.php is susceptible to SQL injection due to improper handling of the id argument. The vulnerability can be exploited remotely without user interaction and may significantly affect the confidentiality, integrity, and availability of the affected system. To remediate the issue, organizations should update to the latest version provided by SourceCodester or implement input validation measures to prevent SQL injection attacks. The low attack complexity combined with the high potential impact makes this a serious threat that could allow unauthorized access to, or manipulation of, sensitive data. Public disclosure of the exploit increases the urgency for affected organizations to address this vulnerability promptly.
