CVE-2024-24868

CVSS 3.1 Score 8.5 of 10 (high)

Details

Published Feb 28, 2024

CWE ID 89

Summary

CVE-2024-24868 is a new SQL Injection vulnerability affecting the Smartypants SP Project & Document Manager. The issue stems from the application's failure to neutralize special elements used in SQL commands, making it susceptible to malicious SQL injection attacks. The vulnerability can be exploited to gain unauthorized access to sensitive data or even take control of the affected system. The impacted versions of SP Project & Document Manager range from n/a to 4.69. Users are advised to apply the necessary patches as soon as possible to mitigate the risk.

Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.

https://app.recordedfuture.com/live/sc/entity/uXGHwE
https://www.cve.org/CVERecord?id=CVE-2024-24868
https://nvd.nist.gov/vuln/detail/CVE-2024-24868

Back to Vulnerability Database

CVE-2024-24868

CVSS 3.1 Score 8.5 of 10 (high)

Details

Summary

Advisories, Assessments, and Mitigations