CVE-2024-7797

CVSS 3.1 Score 9.8 of 10 (high)

Details

Published Aug 15, 2024

Updated: Aug 19, 2024

CWE ID 89

Summary

CVE-2024-7797 is a newly disclosed critical vulnerability affecting the SourceCodester Simple Online Bidding System 1.0. This issue lies within an unknown function of the file "/simple-online-bidding-system/bidding/admin/ajax.php?action=login." An attacker can exploit this vulnerability through manipulation of the argument "username," which leads to SQL injection. The vulnerability allows for remote attacks and has been publicly disclosed, increasing the risk of exploitation. System administrators are urged to patch their installations as soon as possible to mitigate the threat.

Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.

https://app.recordedfuture.com/live/sc/entity/xwMd5n
https://www.cve.org/CVERecord?id=CVE-2024-7797
https://nvd.nist.gov/vuln/detail/CVE-2024-7797

Back to Vulnerability Database

CVE-2024-7797

CVSS 3.1 Score 9.8 of 10 (high)

Details

Summary

Advisories, Assessments, and Mitigations