CVE-2024-33551

CVSS 3.1 Score 9.3 of 10 (high)

Details

Published Apr 29, 2024

CWE ID 89

Summary

CVE-2024-33551 is a newly identified SQL Injection vulnerability affecting the XStore Core software from 8theme. The flaw stems from improper handling of special elements in SQL commands, enabling unauthorized users to inject malicious SQL queries into the system. This vulnerability poses a significant risk, as it allows attackers to access sensitive data or even modify it, impacting versions of XStore Core from the unspecified older version up to and including 5.3.5.

Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.

https://app.recordedfuture.com/live/sc/entity/vlKI-q
https://www.cve.org/CVERecord?id=CVE-2024-33551
https://nvd.nist.gov/vuln/detail/CVE-2024-33551

Back to Vulnerability Database

CVE-2024-33551

CVSS 3.1 Score 9.3 of 10 (high)

Details

Summary

Advisories, Assessments, and Mitigations