CVE-2024-8568

Summary

CVE-2024-8568 is a critical vulnerability identified in Mini-Tmall versions up to 20240901, specifically affecting the rewardMapper.select function within the tmall/admin/order/1/1 file. This vulnerability allows for SQL injection due to improper handling of the orderBy argument, enabling remote attacks. The exploit has been publicly disclosed, and despite early vendor notification, there has been no response. Organizations using affected Mini-Tmall products should apply patches or workarounds to mitigate the risk. The potential impact includes unauthorized data access and manipulation, posing a medium severity threat to confidentiality and integrity.

Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.