CVE-2024-2522

CVSS 3.1 Score 8.8 of 10 (high)

Details

Published Mar 16, 2024

Updated: May 17, 2024

CWE ID 77

Summary

CVE-2024-2522 is a newly disclosed critical vulnerability affecting the MAGESH-K21 Online-College-Event-Hall-Reservation-System version 1.0. The issue lies in an unspecified part of the /admin/booktime.php file, where a sql injection vulnerability can be triggered by manipulating the room_id argument. This flaw can be exploited remotely, and the exploit has already been made public. The associated identifier for this vulnerability is VDB-256959. Unfortunately, the vendor was not responsive when contacted regarding this disclosure.

Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.

https://app.recordedfuture.com/live/sc/entity/ubjiFy
https://www.cve.org/CVERecord?id=CVE-2024-2522
https://nvd.nist.gov/vuln/detail/CVE-2024-2522

Back to Vulnerability Database

CVE-2024-2522

CVSS 3.1 Score 8.8 of 10 (high)

Details

Summary

Advisories, Assessments, and Mitigations