CVE-2024-9972

CVSS 3.1 Score 9.8 of 10 (high)

Details

Published Oct 15, 2024
CWE ID 89

Summary

CVE-2024-9972 identifies a critical SQL Injection vulnerability in the Property Management System developed by ChanGate, which allows unauthenticated remote attackers to execute arbitrary SQL commands. This vulnerability poses significant risks, as it can enable attackers to read, modify, or delete database contents without requiring any user interaction or special privileges. The severity rating for this vulnerability is high, with a CVSS base score of 9.8, indicating potential profound impacts on the confidentiality, integrity, and availability of affected systems. To remediate this issue, organizations should apply patches provided by ChanGate and implement input validation measures to prevent SQL injection attacks. Failure to address this vulnerability could lead to severe data breaches and operational disruptions within the organization.

Ligh bulbPrevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.

Share