CVE-2024-34032

CVSS 3.1 Score 8.8 of 10 (high)

Details

Published May 3, 2024

CWE ID 89

Summary

CVE-2024-34032 is a newly disclosed SQL injection vulnerability affecting the GetDIACloudList endpoint in Delta Electronics DIAEnergie. An attacker with valid credentials can exploit this issue to inject malicious SQL queries, potentially gaining unauthorized access to the underlying system and compromising its security. This vulnerability poses a significant risk and requires immediate remediation efforts from organizations using the affected product.

Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.

https://app.recordedfuture.com/live/sc/entity/vrXL4W
https://www.cve.org/CVERecord?id=CVE-2024-34032
https://nvd.nist.gov/vuln/detail/CVE-2024-34032

Back to Vulnerability Database

CVE-2024-34032

CVSS 3.1 Score 8.8 of 10 (high)

Details

Summary

Advisories, Assessments, and Mitigations