CVE-2024-9894

CVSS 3.1 Score 6.3 of 10 (medium)

Details

Published Oct 12, 2024
Updated: Oct 15, 2024
CWE ID 89

Summary

CVE-2024-9894 is a critical vulnerability in Blood Bank System 1.0, specifically in the reset.php file, which allows SQL injection through manipulation of the useremail argument. The vulnerability can be exploited remotely and poses a risk to data integrity and confidentiality, although the impact is rated as low. Organizations using the affected product should prioritize applying available patches or implementing input validation measures to mitigate the risk. The exploit has been publicly disclosed, which increases the urgency of remediation. For further details on this issue and potential fixes, consult resources such as those provided by VulDB and GitHub.
