CVE-2024-9037

Summary

CVE-2024-9037 is a critical vulnerability found in Codezips Internal Marks Calculation version 1.0, specifically affecting the index.php file where SQL injection can occur through the manipulation of the argument "tid." This vulnerability can be exploited remotely without requiring authentication or user interaction, posing significant risks to the confidentiality and integrity of the affected system. To remediate this issue, organizations should ensure that input validation is properly implemented to prevent SQL injection attacks. The vulnerability has been publicly disclosed, and its exploitability score is rated at 3.9 out of 10, indicating a high level of concern for potential attacks. Affected products include those linked to the identifier "yxDq8_."

Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.