CVE-2024-8466

Summary

CVE-2024-8466 identifies a SQL injection vulnerability affecting the product tYxz11, which allows attackers to exploit the CATEGORY parameter in /jobportal/admin/category/controller.php to retrieve sensitive information from the database. This vulnerability has a critical base score of 9.8 and poses significant risks, including high confidentiality and integrity impacts, with potential consequences for data leakage or corruption. Remediation involves implementing proper input validation and sanitization measures to prevent unauthorized queries. The attack vector is network-based, requiring no user interaction and minimal privileges, making it particularly concerning for organizations that utilize this product. For further details, organizations are encouraged to consult the advisory published by INCIBE-CERT.

Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.