CVE-2024-4257

CVSS 3.1 Score 6.3 of 10 (medium)

Details

Published Apr 27, 2024

Updated: May 17, 2024

CWE ID 89

Summary

CVE-2024-4257 is a newly disclosed critical vulnerability that affects the BlueNet Technology Clinical Browsing System version 1.2.1. The issue is located in the /xds/deleteStudy.php file, and involves a sql injection vulnerability. Manipulation of the documentUniqueId argument can be exploited remotely, leading to potential unauthorized database access or data manipulation. The exploit for this vulnerability has been made public, increasing the risk of attacks. This vulnerability has been assigned the identifier VDB-262149.

Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.

https://app.recordedfuture.com/live/sc/entity/vn_y6X
https://www.cve.org/CVERecord?id=CVE-2024-4257
https://nvd.nist.gov/vuln/detail/CVE-2024-4257

Back to Vulnerability Database

CVE-2024-4257

CVSS 3.1 Score 6.3 of 10 (medium)

Details

Summary

Advisories, Assessments, and Mitigations