CVE-2024-25400
CRITICALDescription
Subrion CMS 4.2.1 is vulnerable to SQL Injection via ia.core.mysqli.php. NOTE: this is disputed by multiple third parties because it refers to an HTTP request to a PHP file that only contains a class, without any mechanism for accepting external input, and the reportedly vulnerable method is not present in the file.
CVSS v3.1 Score
Weakness Type (CWE)
Affected Products
| Vendor | Product |
|---|---|
| intelliants | subrion |
References
Advisories & Patches
Frequently Asked Questions
What is CVE-2024-25400? +
How severe is CVE-2024-25400? +
What products are affected by CVE-2024-25400? +
How do I check if I'm vulnerable to CVE-2024-25400? +
Related Vulnerabilities
Unauthenticated user is able to execute arbitrary SQL commands in Sparx Pro Cloud Server database in certain cases.
ChurchCRM is an open-source church management system. Versions prior to 7.2.0 have SQL injection in FinancialService::getMemberByScanString() via unsanitized $routeAndAccount concatenated …
SQL injection vulnerability in Zeon Academy Pro by Zeon Global Tech. This vulnerability allows an attacker to retrieve, create, update, …
A SQL injection vulnerability has been identified in STER. Improper neutralization of input provided by user into multiple Search Filters …
Masa CMS is an open source content management system. In versions 7.5.2 and earlier, a SQL injection vulnerability exists in …
pgx is a PostgreSQL driver and toolkit for Go. Prior to version 5.9.2, SQL injection can occur when the non-default …