CVE-2024-8155

Summary

CVE-2024-8155 is a critical vulnerability found in ContiNew Admin version 3.2.0, specifically affecting the SQL query handling in the function top.continew.starter.extension.crud.controller.BaseController#tree. The vulnerability allows for SQL injection through manipulation of the sort argument in a network-accessible API endpoint, which can be exploited remotely. This poses a potential risk to organizations using the affected product, as it could lead to unauthorized access and data manipulation. To remediate this issue, it is recommended that users update to a patched version or apply appropriate input validation measures to mitigate SQL injection risks. Despite early notification, the vendor has not responded regarding this disclosure.

Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.