CVE-2024-9986
CVSS 3.1 Score 7.3 of 10 (high)
Details
Summary
CVE-2024-9986 is a critical vulnerability affecting the Blood Bank Management System version 1.0, which allows for SQL injection through the manipulation of parameters such as fullname, username, password, and email in the member_register.php file. This vulnerability can be exploited remotely with no authentication required, posing significant risks to an organization's data integrity and confidentiality. The initial report indicates that while the "password" parameter is explicitly mentioned, other parameters are also likely vulnerable. Organizations using this software should immediately restrict access to the affected components and apply any available patches or updates to mitigate potential exploitation. The vulnerability has a CVSS base score of 7.3, indicating a high severity level that necessitates prompt action.
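As an added illustration (not code from the affected application or its vendor), the PHP below contrasts string-built SQL with a parameterized registration insert for the four fields named above. The members table, the function names, the sample input and the in-memory SQLite database (standing in for the application's real database) are assumptions made so the example runs offline.

```php
<?php
// Added example: hypothetical schema and function names, not the application's code.
$pdo = new PDO('sqlite::memory:'); // assumption: stand-in for the real database
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec('CREATE TABLE members (
    id INTEGER PRIMARY KEY, fullname TEXT, username TEXT UNIQUE,
    password_hash TEXT, email TEXT)');

// Vulnerable pattern (assumed shape): request values are concatenated into the
// statement text, so a quote in any field changes the SQL that gets parsed.
function buildUnsafeInsert(array $in): string {
    return "INSERT INTO members (fullname, username, password_hash, email) VALUES ('"
        . $in['fullname'] . "', '" . $in['username'] . "', '"
        . $in['password'] . "', '" . $in['email'] . "')";
}

// Hardened form: validate each field, hash the password, bind every value.
function registerMember(PDO $pdo, array $in): int {
    foreach (['fullname', 'username', 'password', 'email'] as $k) {
        if (!isset($in[$k]) || !is_string($in[$k]) || $in[$k] === '' || strlen($in[$k]) > 255) {
            throw new InvalidArgumentException("invalid $k");
        }
    }
    if (filter_var($in['email'], FILTER_VALIDATE_EMAIL) === false) {
        throw new InvalidArgumentException('invalid email');
    }
    $stmt = $pdo->prepare('INSERT INTO members (fullname, username, password_hash, email)
                           VALUES (:fullname, :username, :hash, :email)');
    $stmt->execute([
        ':fullname' => $in['fullname'],
        ':username' => $in['username'],
        ':hash'     => password_hash($in['password'], PASSWORD_DEFAULT),
        ':email'    => $in['email'],
    ]);
    return (int) $pdo->lastInsertId();
}

// Constructed input: ordinary values that happen to contain a single quote.
$input = ['fullname' => "Pat O'Neil", 'username' => 'pat',
          'password' => "pw'x", 'email' => 'pat@example.com'];
echo buildUnsafeInsert($input), "\n"; // shows the quotes breaking the string literals

$id = registerMember($pdo, $input);
$check = $pdo->prepare('SELECT fullname FROM members WHERE id = ?');
$check->execute([$id]);
echo $check->fetchColumn(), "\n";     // the bound value is read back as plain data
```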