SQL Injection Vulnerability in Aegon Life by Aegon
CVE-2024-36597

8.8HIGH

Key Information:

Vendor: Projectworlds
Status: Life Insurance Management System
Vendor: CVE Published:; 14 June 2024

🔔 Create Projectworlds Vulnerability Alert

What is CVE-2024-36597?

Aegon Life v1.0 contains a SQL injection vulnerability which can be exploited through the client_id parameter at the clientStatus.php file. This flaw may allow attackers to manipulate the SQL queries executed by the application, potentially leading to unauthorized data access and exposure of sensitive information. Safeguarding against such vulnerabilities is paramount to ensuring the integrity and confidentiality of user data.

References

https://github.com/kaliankhe/CVE-Aslam-mahi/blob/9ec0572c...

https://www.exploit-db.com/exploits/52046

CVSS V3.1

Score:

8.8

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Jun 14, 2024
Vulnerability Reserved
May 30, 2024

CVE-2024-36597 Data

JSON