CVE-2024-11487
CVSS 3.1 Score 8.8 of 10 (high)
Details
Published Nov 20, 2024
Updated: Nov 22, 2024
CWE ID 89
CWE ID 74
Summary
CVE-2024-11487 is a critical vulnerability in Code4Berry Decoration Management System 1.0. It affects the Between Dates Reports component, specifically the file /decoration/admin/btndates_report.php. Manipulating the fromdate/todate arguments leads to SQL injection, and the attack can be launched remotely, which makes it a significant threat. The vulnerability has been disclosed to the public, and the absence of a response from the vendor raises concerns about potential exploitation.
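Until a fix is available, one defensive check is to review web server logs for requests to the affected report whose fromdate/todate values are not plain dates. The following is an added example, not code from the vendor or from this advisory. It assumes the parameters appear in the logged query string, that dates are written as YYYY-MM-DD, and that the log uses the common combined format; the log lines are constructed sample data.

```python
import re
from datetime import datetime
from urllib.parse import urlsplit, parse_qs, unquote

REPORT_PATH = "/decoration/admin/btndates_report.php"  # file named in the advisory
DATE_PARAMS = ("fromdate", "todate")                   # arguments named in the advisory
# Assumption: combined-log-style lines: client IP first, request in double quotes.
REQUEST_RE = re.compile(r'^(?P<ip>\S+) .*?"[A-Z]+ (?P<target>\S+) HTTP/[\d.]+"')

def is_strict_date(value):
    """True only for a real calendar date written exactly as YYYY-MM-DD (assumed format)."""
    if not re.fullmatch(r"\d{4}-\d{2}-\d{2}", value, flags=re.ASCII):
        return False
    try:
        datetime.strptime(value, "%Y-%m-%d")
    except ValueError:  # e.g. month 13 or day 45
        return False
    return True

def suspicious_requests(lines):
    """Return (line number, client IP, parameter, decoded value) for each non-date value."""
    findings = []
    for lineno, line in enumerate(lines, 1):
        m = REQUEST_RE.match(line)
        if not m:
            continue
        url = urlsplit(m["target"])
        if unquote(url.path) != REPORT_PATH:
            continue
        # parse_qs URL-decodes values, so encoded quotes are compared in decoded form.
        params = parse_qs(url.query, keep_blank_values=True)
        for name in DATE_PARAMS:
            for value in params.get(name, []):
                if not is_strict_date(value):
                    findings.append((lineno, m["ip"], name, value))
    return findings

# Constructed sample log lines (documentation IP ranges), not real traffic.
SAMPLE_LOG = [
    '192.0.2.10 - - [21/Nov/2024:10:02:11 +0000] "GET /decoration/admin/btndates_report.php?fromdate=2024-11-01&todate=2024-11-20 HTTP/1.1" 200 5123',
    '198.51.100.7 - - [21/Nov/2024:10:05:40 +0000] "GET /decoration/admin/btndates_report.php?fromdate=2024-11-01%27&todate=2024-11-20 HTTP/1.1" 500 312',
    '198.51.100.7 - - [21/Nov/2024:10:05:44 +0000] "GET /decoration/admin/btndates_report.php?fromdate=2024-11-01&todate=2024-13-45 HTTP/1.1" 200 5001',
    '192.0.2.10 - - [21/Nov/2024:10:06:02 +0000] "GET /decoration/admin/dashboard.php HTTP/1.1" 200 8120',
]

if __name__ == "__main__":
    for finding in suspicious_requests(SAMPLE_LOG):
        print(finding)
```

If the form submits these arguments in a POST body, they will not appear in a standard access log, and the same is_strict_date check would have to run where the body is visible, such as a WAF or reverse proxy rule.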