CVE-2024-2589

CVSS 3.1 Score 9.8 of 10 (high)

Details

Published Mar 18, 2024

CWE ID 89

Summary

CVE-2024-2589 is a newly disclosed SQL injection vulnerability affecting AMSS++ version 4.31. The issue lies in the /amssplus/modules/book/main/bookdetail_school_person.php file, where multiple parameters are susceptible to malicious SQL queries. A remote attacker can exploit this flaw to send crafted SQL commands to the server and gain unauthorized access to all the stored data in the database. This vulnerability poses a significant risk to systems using the affected version of AMSS++ and necessitates immediate patching to mitigate the threat.

Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.

https://app.recordedfuture.com/live/sc/entity/ufTqdo
https://www.cve.org/CVERecord?id=CVE-2024-2589
https://nvd.nist.gov/vuln/detail/CVE-2024-2589

Back to Vulnerability Database

CVE-2024-2589

CVSS 3.1 Score 9.8 of 10 (high)

Details

Summary

Advisories, Assessments, and Mitigations