CVE-2024-8470

Summary

CVE-2024-8470 is an SQL injection vulnerability affecting the product identified as 'tYxz11', allowing attackers to exploit the CATEGORY parameter in the /jobportal/admin/vacancy/controller.php file to retrieve sensitive information stored in the database. The vulnerability has a high base severity score of 7.5 and poses a significant risk as it can lead to unauthorized access to confidential data without requiring any user interaction or special privileges. To remediate this vulnerability, organizations should implement proper input validation and parameterized queries to safeguard against SQL injection attacks. The attack vector is categorized as network-based, with low complexity, making it easier for attackers to exploit. If left unaddressed, this vulnerability could result in severe data breaches, impacting organizational confidentiality.

Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.