CVE-2024-9818

CVSS 3.1 Score 7.3 of 10 (high)

Details

Published Oct 10, 2024
Updated: Oct 15, 2024
CWE ID 89

Summary

CVE-2024-9818 is a critical vulnerability affecting the SourceCodester Online Veterinary Appointment System version 1.0, specifically within the /admin/categories/manage_category.php file, where an SQL injection can be exploited through manipulation of the 'id' argument. This vulnerability allows remote attackers to execute unauthorized SQL commands, potentially compromising the system's security and data integrity. Organizations using this software are advised to remediate the issue by updating to a patch if available or implementing input validation measures to prevent SQL injection attacks. The potential impact on confidentiality and integrity is classified as low, but the ease of exploitation poses significant risks due to its high severity rating (7.3). The vulnerability has been publicly disclosed, increasing its likelihood of exploitation in the wild.

Ligh bulbPrevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.

Share