CVE-2024-0498

CVSS 3.1 Score 9.8 of 10 (high)

Details

Published Jan 13, 2024

Updated: May 17, 2024

CWE ID 89

Summary

CVE-2024-0498 is a critical vulnerability affecting the Project Worlds Lawyer Management System 1.0. An unknown functionality of the file searchLawyer.php is the source of this issue. By manipulating the argument "experience," attackers can inject SQL code, leading to potential data breaches. This vulnerability can be exploited remotely, and the associated exploit has been made public. Users of this software are advised to apply patches or updates as soon as possible to mitigate the risk.

Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.

https://app.recordedfuture.com/live/sc/entity/uHqtzM
https://www.cve.org/CVERecord?id=CVE-2024-0498
https://nvd.nist.gov/vuln/detail/CVE-2024-0498

Back to Vulnerability Database

CVE-2024-0498

CVSS 3.1 Score 9.8 of 10 (high)

Details

Summary

Advisories, Assessments, and Mitigations