CVE-2024-32136

CVSS 3.1 Score 7.6 of 10 (high)

Details

Published Apr 15, 2024

CWE ID 89

Summary

CVE-2024-32136 is an SQL injection vulnerability affecting the Xenioushk BWL Advanced FAQ Manager. The flaw stems from the application's failure to properly neutralize special elements in SQL commands, creating a potential avenue for attackers to execute malicious SQL statements. This issue poses a significant risk and can lead to unauthorized data access or modification. The vulnerability is present in versions of the BWL Advanced FAQ Manager ranging from n/a through 2.0.3. It is crucial for users to update their software to mitigate this risk.

Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.

https://app.recordedfuture.com/live/sc/entity/vVfLiQ
https://www.cve.org/CVERecord?id=CVE-2024-32136
https://nvd.nist.gov/vuln/detail/CVE-2024-32136

Back to Vulnerability Database

CVE-2024-32136

CVSS 3.1 Score 7.6 of 10 (high)

Details

Summary

Advisories, Assessments, and Mitigations