CVE-2024-28040

CVSS 3.1 Score 8.8 of 10 (high)

Details

Published Mar 21, 2024

Updated: Mar 22, 2024

CWE ID 89

Summary

CVE-2024-28040 is a recently identified SQL injection vulnerability that affects the function GetDIAE_astListParameters. Cybercriminals can exploit this flaw to inject malicious SQL code into input fields, allowing unauthorized access to sensitive data or even complete system takeover. This issue poses a significant risk to organizations that rely on this software, and urgent patching is recommended to mitigate the risk. SQL injection attacks can lead to data breaches, financial loss, and reputational damage, making timely remediation crucial.

Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.

https://app.recordedfuture.com/live/sc/entity/u4osKe
https://www.cve.org/CVERecord?id=CVE-2024-28040
https://nvd.nist.gov/vuln/detail/CVE-2024-28040

Back to Vulnerability Database

CVE-2024-28040

CVSS 3.1 Score 8.8 of 10 (high)

Details

Summary

Advisories, Assessments, and Mitigations