CVE-2024-45850

CVSS 3.1 Score 8.8 of 10 (high)

Details

Published Sep 12, 2024
Updated: Sep 16, 2024
CWE ID 94
CWE ID 95

Summary

CVE-2024-45850 is an arbitrary code execution vulnerability affecting MindsDB platform versions 23.10.5.0 through 24.7.4.1 when the Microsoft SharePoint integration is installed. It allows Python code embedded in a specially crafted 'INSERT' query to be executed on the server, posing significant risks to the integrity and confidentiality of data stored in databases created with the SharePoint engine. Exploitation requires low privileges and no user interaction, and can be carried out over a network, which gives the vulnerability a high base severity rating of 8.8. Organizations are advised to update to a patched version of MindsDB as soon as possible. Left unaddressed, the vulnerability could result in unauthorized access to and control over affected systems, potentially leading to data breaches and other security incidents.
