CVE-2024-2480

CVSS 3.1 Score 7.3 of 10 (high)

Details

Published Mar 15, 2024

Updated: May 17, 2024

CWE ID 918

Summary

CVE-2024-2480 is a newly disclosed critical vulnerability affecting MHA Sistemas arMHAzena 9.6.0.0. The issue resides in the Executa Page component, which is vulnerable to SQL injection. An attacker can manipulate the argument "Companhia/Planta/Agente de/Agente até" to execute malicious SQL queries remotely. This exploit has already been made public, increasing the risk of potential attacks. The identifier for this vulnerability is VDB-256888, and unfortunately, the vendor has not responded to early disclosure notifications.

Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.

Libuv

Affected Vendors

Libuv

Advisories, Assessments, and Mitigations

https://app.recordedfuture.com/live/sc/entity/uWkSMw
https://www.cve.org/CVERecord?id=CVE-2024-2480
https://nvd.nist.gov/vuln/detail/CVE-2024-2480

Back to Vulnerability Database