CVE-2024-9078

Summary

CVE-2024-9078 is a critical SQL injection vulnerability found in the Student Record System 1.0, specifically within the /course.php file. This vulnerability allows remote attackers to manipulate the 'coursename' argument, potentially leading to unauthorized access and data manipulation. Affected products include the code-projects Student Record System, with an exploit publicly disclosed. To remediate this issue, organizations should apply security patches provided by the vendor or implement input validation measures to prevent SQL injection attacks. The vulnerability is classified with a high severity score of 7.3, indicating significant risk and potential impact on confidentiality and integrity if exploited successfully.

Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.