CVE-2024-8329

CVSS 3.1 Score 8.8 of 10 (high)

Details

Published Aug 30, 2024
Updated: Sep 5, 2024
CWE ID 89

Summary

CVE-2024-8329 is a SQL injection vulnerability in the 6SHR system from Gether Technology. The application fails to properly validate a specific page parameter, which allows remote attackers with low privileges to inject SQL commands that can read, modify, and delete database contents. The vulnerability is rated high severity, with a base score of 8.8 and significant impact on confidentiality, integrity, and availability. Remediation steps include implementing proper input validation and sanitization within the application to prevent SQL injection attacks. Until the vulnerability is addressed, organizations face considerable risks, including unauthorized data access and potential data loss. For more details, vendors can refer to advisories provided by TWCERT (links available in their documentation).
