CVE-2024-6735
CVSS 3.1 Score 8.8 of 10 (high)
Details
Published Jul 15, 2024
CWE ID 89
Summary
CVE-2024-6735 is a newly disclosed critical vulnerability in the Tailoring Management System 1.0. The issue lies in the code of the file setgeneral.php, and it allows for remote sql injection by manipulating the arguments sitename/email/mobile/sms/currency. This exploit, identified as VDB-271456, can be initiated remotely and has been made public, posing a significant risk to systems using this software. Unpatched instances are vulnerable to attack.
Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.
Share
Affected Products
- Tailoring Management System
Affected Vendors
- Itsourcecode