CVE-2024-4972

CVSS 3.1 Score 6.3 of 10 (medium)

Details

Published May 16, 2024

Updated: Jun 4, 2024

CWE ID 89

Summary

CVE-2024-4472: A critical sql injection vulnerability has been identified in the Simple Chat System 1.0's /login.php file. Manipulating the email/password argument can allow unauthorized access by injecting malicious SQL commands. The vulnerability can be exploited remotely, increasing the risk of attacks. The exploit is now public, making it a pressing concern for users of this software. An identifier, VDB-264537, has been assigned to this vulnerability.

Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.

https://app.recordedfuture.com/live/sc/entity/v8y21d
https://www.cve.org/CVERecord?id=CVE-2024-4972
https://nvd.nist.gov/vuln/detail/CVE-2024-4972

Back to Vulnerability Database

CVE-2024-4972

CVSS 3.1 Score 6.3 of 10 (medium)

Details

Summary

Advisories, Assessments, and Mitigations