CVE-2024-8380

Summary

CVE-2024-8380 is a critical vulnerability affecting the SourceCodester Contact Manager with Export to VCF 1.0, specifically impacting the Delete Contact Handler component through the file /endpoint/delete-account.php. The vulnerability allows for SQL injection via manipulation of the contact argument, which can be exploited remotely without requiring user interaction or privileges. Organizations using affected products are at risk of significant data breaches, as the vulnerability poses high integrity and confidentiality impacts, alongside potential availability issues. Remediation steps include updating to patched versions of the software provided by SourceCodester. For more details on mitigation strategies and disclosures, resources can be found at various advisory links related to this CVE.

Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.