CVE-2024-9295

Summary

CVE-2024-9295 is a critical vulnerability identified in the SourceCodester Advocate Office Management System 1.0, affecting the processing of the file /control/login.php, which is susceptible to SQL injection through manipulation of the username argument. This vulnerability can be exploited remotely without requiring authentication, posing significant risks to an organization's data integrity and confidentiality. The exploit has been publicly disclosed, increasing the likelihood of attacks against vulnerable systems. To mitigate this risk, organizations should apply available patches or updates provided by SourceCodester and review their security configurations to protect against SQL injection attacks. The vulnerability has a CVSS score of 7.3, indicating a high severity level that necessitates immediate attention.

Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.