CVE-2024-7116

CVSS 3.1 Score 8.8 of 10 (high)

Details

Published Jul 26, 2024
Updated: Aug 8, 2024
CWE ID 89

Summary

CVE-2024-7116 is a critical vulnerability affecting MD-MAFUJUL-HASAN Online-Payroll-Management-System up to September 11, 2023. This issue lies in the processing of the file /branch_viewmore.php, where manipulation of the argument id results in SQL injection, potentially allowing remote attackers to exploit the system. Though the exact affected and unaffected releases are unknown, as the product does not utilize versioning, and the vendor has not responded to disclosure notifications. The associated identifier for this vulnerability is VDB-272447, and the exploit has already been disclosed to the public.

Ligh bulbPrevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.

Share