CVE-2024-2264

CVSS 3.1 Score 7.5 of 10 (high)

Details

Published Mar 7, 2024

Updated: May 17, 2024

CWE ID 1333

Summary

CVE-2024-2264 is a newly disclosed critical vulnerability affecting the Keerti1924 PHP-MYSQL-User-Login-System version 1.0. The issue lies in an unknown functionality of the /login.php file, which can be exploited through sql injection by manipulating the email argument. This vulnerability allows remote attacks and has already been made public, increasing the risk for exploitation. Unfortunately, the vendor has not responded to early disclosures about this issue, and no patch is currently available. (VDB-256034)

Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.

https://app.recordedfuture.com/live/sc/entity/uGxPr8
https://www.cve.org/CVERecord?id=CVE-2024-2264
https://nvd.nist.gov/vuln/detail/CVE-2024-2264

Back to Vulnerability Database

CVE-2024-2264

CVSS 3.1 Score 7.5 of 10 (high)

Details

Summary

Advisories, Assessments, and Mitigations