CVE-2024-9804
CVSS 3.1 Score 4.7 of 10 (medium)
Details
Summary
CVE-2024-9804 is a critical vulnerability in Blood Bank System version 1.0. The affected file is /admin/campsdetails.php, where manipulating the hospital argument leads to SQL injection. The attack can be launched remotely and can compromise data integrity and confidentiality in affected products such as x-PxZ3. To mitigate the risk, apply any available patches or updates from the vendor and implement input validation to prevent SQL injection. Attack complexity is rated low, but exploitation requires high privileges, so unauthorized users still pose a threat if they gain access to the necessary accounts. The vulnerability has been publicly disclosed, which increases the urgency of remediation to protect sensitive information from unauthorized access.
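The mitigation named above (validate the `hospital` value and keep it out of the SQL text), as an added PHP example that is not the Blood Bank System's own code. The `camps` table, its columns, the sample rows and the function names are assumptions, and an in-memory SQLite database stands in for the application's database.

```php
<?php
declare(strict_types=1);

// Constructed stand-in database. Table and column names are assumptions,
// not the Blood Bank System schema.
function demo_db(): PDO
{
    $pdo = new PDO('sqlite::memory:');
    $pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
    $pdo->exec('CREATE TABLE camps (id INTEGER PRIMARY KEY, hospital TEXT, city TEXT)');
    $pdo->exec("INSERT INTO camps (hospital, city) VALUES ('City General', 'Pune'), ('St. Mary''s', 'Mumbai')");
    return $pdo;
}

// Weak pattern (hypothetical): the request value becomes part of the SQL
// text, so a quote character in it changes the structure of the statement.
function camps_unsafe(PDO $pdo, string $hospital): array
{
    $sql = "SELECT id, hospital, city FROM camps WHERE hospital = '" . $hospital . "'";
    return $pdo->query($sql)->fetchAll(PDO::FETCH_ASSOC);
}

// Hardened pattern: check shape and length, then bind the value. Validation
// still admits apostrophes, so it is the bound parameter that keeps the
// value from ever being parsed as SQL.
function camps_safe(PDO $pdo, string $hospital): array
{
    if (!preg_match('/^[\p{L}\p{N} .,\'&-]{1,100}$/u', $hospital)) {
        throw new InvalidArgumentException('invalid hospital value');
    }
    $stmt = $pdo->prepare('SELECT id, hospital, city FROM camps WHERE hospital = :hospital');
    $stmt->execute([':hospital' => $hospital]);
    return $stmt->fetchAll(PDO::FETCH_ASSOC);
}

$pdo  = demo_db();
$name = "St. Mary's"; // legitimate value that happens to contain a quote
try {
    camps_unsafe($pdo, $name);
} catch (PDOException $e) {
    echo "concatenated query broke on a legitimate value\n";
}
echo count(camps_safe($pdo, $name)), " row(s) from the bound query\n";
try {
    camps_safe($pdo, str_repeat('A', 500)); // over the length limit
} catch (InvalidArgumentException $e) {
    echo 'rejected: ', $e->getMessage(), "\n";
}
```

A query that fails on a harmless apostrophe is a quick review signal that request data is being concatenated into SQL.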