CVE-2024-5523

CVSS 3.1 Score 8.8 of 10 (high)

Details

Published May 31, 2024

CWE ID 89

Summary

CVE-2024-5523 is a newly disclosed SQL injection vulnerability affecting Astrotalks software up to version 10/03/2023. An authenticated local user can exploit this flaw by sending a maliciously crafted SQL query through the 'searchString' parameter. Successful exploitation of this vulnerability could grant the attacker unrestricted access to the affected database, potentially leading to data theft or manipulation. It's recommended that users of Astrotalks update to the latest version to mitigate this risk.

Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.

https://app.recordedfuture.com/live/sc/entity/wL7FCZ
https://www.cve.org/CVERecord?id=CVE-2024-5523
https://nvd.nist.gov/vuln/detail/CVE-2024-5523

Back to Vulnerability Database

CVE-2024-5523

CVSS 3.1 Score 8.8 of 10 (high)

Details

Summary

Advisories, Assessments, and Mitigations