CVE-2024-10700

CVSS 3.1 Score 9.8 of 10 (high)

Details

Published Nov 2, 2024

Updated: Nov 5, 2024

CWE ID 707

CWE ID 74

CWE ID 89

Summary

CVE-2024-10700 is a newly disclosed critical vulnerability affecting the University Event Management System 1.0. The issue resides in the code of the file "submit.php," and it allows for sql injection attacks. Attackers can manipulate multiple parameters, including name, email, title, Year, gender, fromdate, and todate, to execute malicious SQL statements. This vulnerability can be exploited remotely, and the exploit has already been made public. While the initial advisory only mentions the "name" parameter, it's important to note that other parameters may also be susceptible to this issue.

Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.

https://app.recordedfuture.com/live/sc/entity/0F1grl
https://www.cve.org/CVERecord?id=CVE-2024-10700
https://nvd.nist.gov/vuln/detail/CVE-2024-10700

Back to Vulnerability Database

CVE-2024-10700

CVSS 3.1 Score 9.8 of 10 (high)

Details

Summary

Advisories, Assessments, and Mitigations