CVE-2024-0306

CVSS 3.1 Score 7.5 of 10 (high)

Details

Published Jan 8, 2024

Updated: May 17, 2024

CWE ID 89

Summary

CVE-2024-0306 is a newly disclosed critical vulnerability affecting the Kashipara Dynamic Lab Management System up to version 1.0. This issue lies within the /admin/admin_login_process.php file, and an attacker can exploit it through manipulation of the argument "admin_password." The exploit enables sql injection, potentially granting unauthorized access to the system. Remotely initiated attacks are possible, and the identifier VDB-249873 has been assigned to this vulnerability. Public disclosure of the exploit increases the risk of its usage.

Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.

https://app.recordedfuture.com/live/sc/entity/uEE4PO
https://www.cve.org/CVERecord?id=CVE-2024-0306
https://nvd.nist.gov/vuln/detail/CVE-2024-0306

Back to Vulnerability Database

CVE-2024-0306

CVSS 3.1 Score 7.5 of 10 (high)

Details

Summary

Advisories, Assessments, and Mitigations