CVE-2024-8784

Summary

CVE-2024-8784 is a critical SQL injection vulnerability found in the QDocs Smart School Management System version 7.0.0. The vulnerability arises from improper handling of the 'users[]' argument in the Chat component, which can be exploited remotely to execute unauthorized SQL commands. It is recommended that users upgrade to version 7.0.1 to remediate this issue effectively. If left unaddressed, this vulnerability poses a potential risk to an organization's data integrity and confidentiality, as it allows attackers to manipulate database queries with low complexity and privileges required. The exploit has already been disclosed publicly, increasing the urgency for affected organizations to take action.

Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.