CVE-2024-25910

Summary

CVE-2024-25910 is a newly disclosed SQL Injection vulnerability affecting Skymoonlabs MoveTo software versions 1 through 6.2. An attacker can exploit this vulnerability by introducing malicious SQL commands, which may lead to unauthorized data access or modification. The issue arises due to the application's failure to adequately neutralize special elements used in SQL commands. This type of vulnerability can pose a significant risk, as it may allow an attacker to gain unauthorized access to sensitive data or even take control of the underlying database. It is strongly recommended that users of Skymoonlabs MoveTo upgrade to a patched version as soon as possible to mitigate this risk.

Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.