CVE-2024-24495

CVSS 3.1 Score 9.8 of 10 (high)

Details

Published Feb 8, 2024

Updated: Feb 22, 2024

CWE ID 89

Summary

CVE-2024-24495 is a newly identified SQL Injection vulnerability that affects the delete-tracker.php file in the Daily Habit Tracker version 1.0. An attacker can exploit this vulnerability by crafting a malicious GET request, allowing them to execute arbitrary code remotely. Successful exploitation could result in unauthorized access, data theft, or system damage. Users are urged to update their Daily Habit Tracker installations as soon as possible to mitigate this risk.

Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.

https://app.recordedfuture.com/live/sc/entity/uRonfI
https://www.cve.org/CVERecord?id=CVE-2024-24495
https://nvd.nist.gov/vuln/detail/CVE-2024-24495

Back to Vulnerability Database

CVE-2024-24495

CVSS 3.1 Score 9.8 of 10 (high)

Details

Summary

Advisories, Assessments, and Mitigations