Decrypt LOL


Critical SQL Injection Vulnerability Found in Apache Traffic Control


🛠️ Critical SQL Injection Vulnerability Discovered in Apache Traffic Control. Security researchers have identified a severe SQL injection vulnerability, CVE-2024-45387, in Apache Traffic Control. It affects versions 8.0.0 to 8.0.1 and carries a CVSS score of 9.9. The flaw allows privileged users to execute arbitrary SQL commands via specially crafted PUT requests, posing risks of data manipulation and system compromise. The vulnerability was discovered by Yuan Luo from Tencent YunDing Security Lab and has been addressed with the release of Apache Traffic Control 8.0.2. However, researchers Abdelrhman Zayed and Mohamed Abdelhady have published proof-of-concept exploit code on GitHub, which raises concerns about potential exploitation of unpatched systems and underscores the need for immediate patching and enhanced access controls.
