CVE-2024-9574

CVSS 3.1 Score 6.5 of 10 (medium)

Attack Complexity low
Confidentiality high
Privileges Required low
Integrity none
Availability none
Scope unchanged

Details

Published Oct 7, 2024
Updated: Oct 8, 2024
CWE ID 89

Summary

CVE-2024-9574 is a newly disclosed SQL injection vulnerability affecting SOPlanning versions below 1.45. The issue resides in the /soplanning/www/user_groupes.php file, specifically in the by parameter. An attacker can exploit this vulnerability by submitting a maliciously crafted query. Successful exploitation grants the attacker access to all stored data in the database, potentially leading to confidential information disclosure or unauthorized modifications. This vulnerability poses a significant risk and requires immediate attention and patching from SOPlanning users.

Ligh bulbPrevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.

Share