CVE-2024-8945
Published 2024-09-17
Priority: P2 (69) · Severity: high · CVSS 3.1 base score: 8.8
Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Exploit: publicly disclosed
EPSS: 14.54% (96.2nd percentile)
A vulnerability has been found in CodeCanyon RISE Ultimate Project Manager 3.7.0 and classified as critical. This vulnerability affects unknown code of the file /index.php/dashboard/save. The manipulation of the argument id leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. It is recommended to upgrade the affected component.
Affected (2 ranges)
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| codecanyon | rise_ultimate_project_manager | — | — |
| fairsketch | rise_ultimate_project_manager | — | — |
Detection & IOCs (extracted from sources)
- Monitor POST requests to /index.php/dashboard/save whose 'id' parameter contains SQL injection patterns, for example OR-based boolean payloads such as '-1 OR 1=1-- -'.
- Look for responses containing the string 'The record has been saved.' to POST requests to /index.php/dashboard/save with anomalous 'id' values; the public exploit uses this string to confirm that the injected query executed. Since the same message is the application's normal success reply, the marker is only meaningful together with an anomalous 'id'.
- Exploit script fingerprint: POST requests to /index.php/dashboard/save carrying the fields 'id', 'data', 'title' and 'color' with the headers X-Requested-With: XMLHttpRequest and Accept: application/json. This is likely also what the application's own dashboard UI sends, so treat it as low confidence unless the 'id' value matches a payload.
- The exploit targets version 3.7.0 specifically; version 3.7.1 is listed as the patched release. Exploitation requires an authenticated session (PR:L), so correlate hits with the session or user account that issued the request.
- The exploit disables TLS certificate verification (verify=False), so it will also run against HTTPS instances with self-signed or invalid certificates; detection must see decrypted traffic (reverse proxy, WAF or application logs) and cover plain HTTP as well.
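As an added example (not code from this page, the vendor or the exploit author), the following Python applies the detection items above to constructed request-log records: it checks method and path, looks for an OR/AND tautology or comment terminator in 'id', checks the response for the success marker, and checks the field/header fingerprint. Because the success message and the fingerprint are also produced by the application's own dashboard UI, the script reports them only when 'id' also carries a payload. The JSON-lines log shape, its field names and the three sample records are assumptions; adapt the parser to your proxy, WAF or application logs, which must carry decrypted traffic.

```python
"""Detection sketch for CVE-2024-8945 probing traffic (added example, not vendor code).

Log records are a made-up JSON-lines shape with method, path, headers, body,
status and response_snippet; the samples at the bottom are constructed.
"""
import json
import re
from urllib.parse import parse_qs

TARGET_PATH = "/index.php/dashboard/save"
SUCCESS_MARKER = "The record has been saved."
EXPLOIT_FIELDS = {"id", "data", "title", "color"}   # fields the public exploit posts

# Tautology and comment-terminator shapes used by OR-based payloads such as
# "-1 OR 1=1-- -". Kept narrow so plain numeric ids never match.
SQLI_ID_PATTERNS = [
    re.compile(r"\b(?:or|and)\b\s+\S+\s*=\s*\S+", re.I),   # OR 1=1 / OR 'a'='a'
    re.compile(r"--\s*-?\s*$|#\s*$|/\*.*\*/"),            # SQL comment terminators
    re.compile(r"\b(?:union|sleep|benchmark|pg_sleep)\b", re.I),
]


def id_is_suspicious(value: str) -> bool:
    """True when 'id' is not a plain integer and matches an injection pattern."""
    if re.fullmatch(r"-?\d+", value.strip()):
        return False
    return any(p.search(value) for p in SQLI_ID_PATTERNS)


def classify(record: dict) -> list:
    """Return detection tags for one log record; an empty list means benign."""
    tags = []
    if record.get("method") != "POST":
        return tags
    if record.get("path", "").split("?")[0] != TARGET_PATH:
        return tags
    headers = {k.lower(): v for k, v in record.get("headers", {}).items()}
    form = {k: v[0] for k, v in
            parse_qs(record.get("body", ""), keep_blank_values=True).items()}
    if not id_is_suspicious(form.get("id", "")):
        # Success marker and fingerprint alone also match the legitimate UI,
        # so they are only reported together with a payload in 'id'.
        return tags
    tags.append("sqli-payload-in-id")
    if SUCCESS_MARKER in record.get("response_snippet", ""):
        tags.append("sqli-success-marker")      # injected query ran and row saved
    if (EXPLOIT_FIELDS.issubset(form)
            and headers.get("x-requested-with") == "XMLHttpRequest"
            and headers.get("accept", "").startswith("application/json")):
        tags.append("exploit-script-fingerprint")
    return tags


def scan(lines):
    """Yield (line_no, tags) for every JSON-lines record that trips a rule."""
    for n, line in enumerate(lines, 1):
        tags = classify(json.loads(line))
        if tags:
            yield n, tags


# Constructed sample traffic (assumed format, not real captures).
SAMPLE_LOG = [
    # 1: legitimate dashboard save; same fields and headers as the exploit
    json.dumps({"method": "POST", "path": TARGET_PATH,
                "headers": {"X-Requested-With": "XMLHttpRequest",
                            "Accept": "application/json, text/javascript, */*; q=0.01"},
                "body": "id=12&data=%7B%7D&title=Sprint+board&color=%23336699",
                "status": 200,
                "response_snippet": '{"success":true,"message":"The record has been saved."}'}),
    # 2: exploit attempt with an OR-based boolean payload in id
    json.dumps({"method": "POST", "path": TARGET_PATH,
                "headers": {"X-Requested-With": "XMLHttpRequest",
                            "Accept": "application/json"},
                "body": "id=-1+OR+1%3D1--+-&data=%7B%7D&title=x&color=%23000",
                "status": 200,
                "response_snippet": '{"success":true,"message":"The record has been saved."}'}),
    # 3: unrelated POST to another endpoint
    json.dumps({"method": "POST", "path": "/index.php/signin", "headers": {},
                "body": "email=a%40b.c&password=x", "status": 302,
                "response_snippet": ""}),
]

if __name__ == "__main__":
    for line_no, tags in scan(SAMPLE_LOG):
        print(f"line {line_no}: {', '.join(tags)}")
```

Only record 2 is reported; record 1 carries the full fingerprint and the success marker but a numeric id, which is exactly the false positive the page's third and second items would otherwise generate on normal use.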
CVSS provenance
| Source | Version | Score | Severity | Vector |
|---|---|---|---|---|
| nvd | v3.1 | 8.8 | HIGH | CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H |
| nvd | v4.0 | 5.3 | MEDIUM | CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X |
| nvd | v2.0 | 6.5 | MEDIUM | AV:N/AC:L/Au:S/C:P/I:P/A:P |
The v3.1 and v4.0 scores differ because NVD rated confidentiality, integrity and availability impact High under v3.1 but Low (VC:L/VI:L/VA:L) under v4.0 for the same authenticated, network-reachable SQL injection; prioritise on the exploit availability and EPSS figures above rather than on either number alone.
No detection rules found.
No writeups or analysis indexed.