CVE-2024-52446

CVSS 3.1 Score 8.8 of 10 (high)

Details

Published Nov 20, 2024
Updated: Nov 21, 2024
CWE ID 352

Summary

CVE-2024-52446 is a Cross-Site Request Forgery (CSRF) vulnerability in Buying Buddy IDX CRM, affecting versions from n/a to 1.1.12. An attacker can exploit it to perform Object Injection, potentially gaining unauthorized access or executing malicious actions on behalf of a victim. By manipulating the input that the vulnerable web application accepts, the attacker can inject malicious code or issue unauthorized commands, which poses a significant risk to the confidentiality and integrity of data handled by the CRM system. Users should update Buying Buddy IDX CRM to a patched version to mitigate this risk.
