CVE-2024-8303

CVSS 3.1 Score 6.3 of 10 (medium)

Details

Published Aug 29, 2024
Updated: Aug 30, 2024
CWE ID 89

Summary

CVE-2024-8303 is a critical vulnerability found in dingfanzu CMS versions up to 29d67d9044f6f93378e6eb6ff92272217ff7225c, specifically affecting the file /ajax/getBasicInfo.php due to SQL injection via the username parameter. This vulnerability allows remote attackers to manipulate database queries, posing a risk of unauthorized data access and potential data corruption. The vendor has not responded to disclosures regarding this issue, leaving organizations without guidance on affected versions. To remediate the vulnerability, it is recommended that users implement input validation and sanitization measures for the affected file. With a CVSS base score of 6.3 and low privileges required for exploitation, organizations are advised to address this vulnerability promptly to mitigate potential threats.
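As an added illustration of the remediation described above (this is not code from dingfanzu CMS or from this advisory), the PHP sketch below validates a `username` request value against an allow-list and then binds it in a prepared statement. The `users` table, its columns, the SQLite in-memory database and the function names `validUsername` and `lookupBasicInfo` are assumptions made for the example.

```php
<?php
// Added example: hardened lookup for a "username" request parameter.
// Table/column names, function names and the SQLite in-memory database are
// assumptions for illustration; they are not taken from dingfanzu CMS.
declare(strict_types=1);

/** Allow-list validation: accept only a short, plain username string. */
function validUsername(mixed $raw): ?string
{
    if (!is_string($raw)) {
        return null; // e.g. an array supplied as username[]=... is rejected
    }
    return preg_match('/\A[A-Za-z0-9_.-]{1,32}\z/', $raw) === 1 ? $raw : null;
}

/** Parameterized query: the value is bound, never concatenated into SQL. */
function lookupBasicInfo(PDO $db, string $username): ?array
{
    $stmt = $db->prepare('SELECT id, username, email FROM users WHERE username = :u');
    $stmt->execute([':u' => $username]);
    $row = $stmt->fetch(PDO::FETCH_ASSOC);
    return $row === false ? null : $row;
}

// Constructed sample data so the example runs offline.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE users (id INTEGER PRIMARY KEY, username TEXT, email TEXT)');
$db->exec("INSERT INTO users (username, email) VALUES ('alice', 'alice@example.test')");

// Constructed inputs: a legitimate name, a value with SQL metacharacters, an array.
foreach (['alice', "alice' OR '1'='1", ['alice']] as $input) {
    $name = validUsername($input);
    if ($name === null) {
        // Generic error only: no SQL text or driver message reaches the client.
        echo json_encode(['error' => 'invalid username']), PHP_EOL;
        continue;
    }
    echo json_encode(lookupBasicInfo($db, $name) ?? ['error' => 'not found']), PHP_EOL;
}

// Defense in depth: even if validation were bypassed, the bound value is
// compared as a literal string, so this lookup matches no row.
var_dump(lookupBasicInfo($db, "alice' OR '1'='1") === null); // bool(true)
```

Validation narrows what reaches the database layer, but the prepared statement is what removes the injection: the bound value cannot change the structure of the query.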
