CVE-2024-9972

Summary

CVE-2024-9972 is a newly disclosed SQL Injection vulnerability affecting the Property Management System produced by ChanGate. This issue permits unauthenticated remote attackers to insert malicious SQL statements into the system, granting them unfettered access to manipulate or delete sensitive database information. The vulnerability poses a significant risk, particularly to organizations dealing with customer data or financial transactions. Attackers could exploit it to steal confidential information, cause data corruption, or even gain administrative control. It is essential for ChanGate users to apply the necessary patches or updates as soon as possible to mitigate this threat.

Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.