CVE-2024-9790

CVSS 3.1 Score 4.7 of 10 (medium)

Details

Published Oct 10, 2024
Updated: Oct 15, 2024
CWE ID 89

Summary

CVE-2024-9790 is a critical vulnerability identified in LyLme_spage version 1.9.5, specifically affecting the /admin/sou.php file where SQL injection can be exploited through manipulation of the argument id. This vulnerability allows for remote attacks and poses a potential threat to data integrity and confidentiality, as it could lead to unauthorized access to sensitive information. The vendor has not responded to disclosures regarding this issue, raising concerns about timely remediation. To mitigate this risk, organizations using affected products should update their systems or apply available patches immediately. The exploitation of this vulnerability requires high privileges but has a low complexity level, making it an accessible target for attackers.

Ligh bulbPrevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.

Share