CVE-2024-6968
CVSS 3.1 Score 7.5 of 10 (high)
Details
Published Jul 22, 2024
Updated: Aug 19, 2024
CWE ID 89
Summary
CVE-2024-6970 is a critical vulnerability affecting the Tailoring Management System 1.0. The issue lies within an unidentified function in the file /staffcatadd.php, where a sql injection vulnerability is present. Malicious actors can exploit this flaw by manipulating the title argument, leading to unauthorized database access. This vulnerability can be exploited remotely, increasing the risk of attacks. The exploit for this vulnerability (VDB-272124) has been made public, raising concerns of potential widespread exploitation.
Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.
Share