CVE-2024-0529

CVSS 3.1 Score 9.8 of 10 (high)

Details

Published Jan 15, 2024

Updated: May 17, 2024

CWE ID 89

Summary

CVE-2024-0529 is a newly disclosed critical vulnerability affecting CXBSoft Post-Office up to version 1.0. The issue lies in the file /apps/login_auth.php of the component HTTP POST Request Handler. Maliciously crafted input to the argument username_login can trigger SQL injection, potentially leading to unauthorized access or data breaches. This vulnerability has been publicly disclosed, increasing the risk of exploitation. The associated identifier is VDB-250699, and unfortunately, the vendor has not responded to earlier disclosure notifications.

Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.

https://app.recordedfuture.com/live/sc/entity/uJLOCN
https://www.cve.org/CVERecord?id=CVE-2024-0529
https://nvd.nist.gov/vuln/detail/CVE-2024-0529

Back to Vulnerability Database

CVE-2024-0529

CVSS 3.1 Score 9.8 of 10 (high)

Details

Summary

Advisories, Assessments, and Mitigations