CVE-2024-4992

CVSS 3.1 Score 9.8 of 10 (high)

Details

Published May 16, 2024

CWE ID 89

Summary

CVE-2024-4992 is a newly disclosed vulnerability affecting SiAdmin 1.1. This issue enables SQL injection through the /modul/mod_kuliah/aksi_kuliah.php parameter of the nim module. A remote attacker can exploit this vulnerability by sending a maliciously crafted SQL query, which could result in the retrieval of all stored data within the system. This vulnerability poses a significant risk, as it allows unauthorized access to sensitive information. Users are strongly urged to update their SiAdmin installation to the latest version to mitigate this threat.

Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.

https://app.recordedfuture.com/live/sc/entity/v9Zc6j
https://www.cve.org/CVERecord?id=CVE-2024-4992
https://nvd.nist.gov/vuln/detail/CVE-2024-4992

Back to Vulnerability Database

CVE-2024-4992

CVSS 3.1 Score 9.8 of 10 (high)

Details

Summary

Advisories, Assessments, and Mitigations