CVE-2024-3432

CVSS 3.1 Score 8.4 of 10 (high)

Details

Published Apr 7, 2024

Updated: May 17, 2024

CWE ID 378

Summary

CVE-2024-3432 is a recently disclosed critical vulnerability affecting the PuneethReddyHC Event Management software version 1.0. This issue stems from insufficient input validation in the processing of the /backend/register.php file, leading to SQL injection. An attacker can manipulate the event_id, full_name, email, mobile, college, and branch arguments to inject malicious SQL statements remotely. The vulnerability has been publicly disclosed, increasing the risk of exploitation. The vendor, PuneethReddyHC, was notified but did not respond, leaving users exposed.

Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.

https://app.recordedfuture.com/live/sc/entity/vuONQ1
https://www.cve.org/CVERecord?id=CVE-2024-3432
https://nvd.nist.gov/vuln/detail/CVE-2024-3432

Back to Vulnerability Database

CVE-2024-3432

CVSS 3.1 Score 8.4 of 10 (high)

Details

Summary

Advisories, Assessments, and Mitigations