CVE-2024-41944
CVSS 3.1 Score 6.5 of 10 (medium)
Details
Published Jul 30, 2024
Updated: Jul 31, 2024
CWE ID 89
Summary
CVE-2024-41944 is a newly discovered SQL injection vulnerability affecting the Xibo content management system. The issue resides in the `report/data/proofofplayReport` API route, which can be exploited by authenticated users. By injecting maliciously crafted values into the `sortBy` parameter, attackers can gain unauthorized access to and manipulate arbitrary data stored in the Xibo database. To mitigate this risk, Xibo users are advised to upgrade to version 3.3.12 or 4.0.14, which address this vulnerability.
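One way to review web server access logs for requests to this route that carry an unexpected `sortBy` value, as an added example that is not from the Xibo project or the original advisory. It assumes Combined Log Format, that `sortBy` arrives in the query string, and that legitimate values are bare column identifiers; the log lines and the `/api/` prefix are constructed.

```python
import re
from urllib.parse import urlsplit, parse_qs

ROUTE = "report/data/proofofplayReport"  # route named in the advisory
PARAM = "sortBy"                         # parameter named in the advisory
# Assumption: a legitimate sort key is a single bare column identifier.
SAFE_SORT = re.compile(r"[A-Za-z_][A-Za-z0-9_]*")
# Combined Log Format: ip ident user [time] "METHOD target PROTO" status ...
REQUEST = re.compile(
    r'^(?P<ip>\S+) \S+ (?P<user>\S+) \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+) [^"]*" (?P<status>\d{3})'
)

# Constructed sample lines (documentation IP range, made-up users).
SAMPLE_LOG = [
    '203.0.113.7 - alice [30/Jul/2024:10:01:02 +0000] '
    '"GET /api/report/data/proofofplayReport?sortBy=display&length=10 HTTP/1.1" 200 512',
    '203.0.113.9 - bob [30/Jul/2024:10:05:40 +0000] '
    '"GET /api/report/data/proofofplayReport?sortBy=display%2C%28SELECT%201%29 HTTP/1.1" 200 498',
    '203.0.113.9 - bob [30/Jul/2024:10:06:11 +0000] '
    '"GET /api/display?sortBy=name%27 HTTP/1.1" 200 120',
]

def suspicious_sortby(log_lines):
    """Return one finding per sortBy value on ROUTE that is not a bare identifier."""
    findings = []
    for line in log_lines:
        m = REQUEST.match(line)
        if not m:
            continue  # not a parsable access-log line
        url = urlsplit(m["target"])
        if ROUTE.lower() not in url.path.lower():
            continue  # other routes are out of scope for this CVE
        # parse_qs percent-decodes values and keeps repeated parameters.
        for value in parse_qs(url.query).get(PARAM, []):
            if not SAFE_SORT.fullmatch(value):
                findings.append({
                    "ip": m["ip"], "user": m["user"], "time": m["ts"],
                    "status": int(m["status"]), "sortBy": value,
                })
    return findings

if __name__ == "__main__":
    for finding in suspicious_sortby(SAMPLE_LOG):
        print(finding)
```

A hit is a lead for review rather than proof of compromise; if the parameter is sent in a request body instead, the same check has to run on application or WAF logs that record it.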