CVE-2024-9788

Summary

CVE-2024-9788 is a critical vulnerability discovered in LyLme_spage version 1.9.5, specifically affecting the /admin/tag.php file, which allows for SQL injection through manipulation of the argument 'id'. This vulnerability can be exploited remotely and has been disclosed publicly, posing a potential risk to organizations using the affected product (identified as 'wNnrj9'). The exploit requires high privileges for successful execution but does not necessitate user interaction. To mitigate this risk, it is recommended that organizations apply patches or updates from the vendor if available, or implement measures to restrict access to vulnerable components until a fix is released. Failure to address this vulnerability could lead to unauthorized access and manipulation of sensitive data within the affected systems.

Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.