CVE-2024-37906 | admidio up to 4.3.8 ecard_send.php ecard_recipients sql injection

Inserito da Angelo Barbosa | Lug 29, 2024 | CVE

A vulnerability, which was classified as critical, has been found in admidio up to 4.3.8. Affected by this issue is some unknown functionality of the file /adm_program/modules/ecards/ecard_send.php. The manipulation of the argument ecard_recipients leads to sql injection.

This vulnerability is handled as CVE-2024-37906. The attack may be launched remotely. There is no exploit available.

It is recommended to upgrade the affected component.

CVE-2024-37906 | admidio up to 4.3.8 ecard_send.php ecard_recipients sql injection

Post correlati

CVE-2024-2785 | Plus Addons for Elementor Plugin up to 5.4.2 on WordPress Age Gate cross site scripting

CVE-2024-0803 | Mitsubishi Electric MELSEC-Q/MELSEC-L Packet integer overflow (icsa-24-074-14)

CVE-2023-52178 | MojofyWP WP Affiliate Disclosure Plugin up to 1.2.7 on WordPress cross site scripting

CVE-2024-31342 | WPcloudgallery Gallery Exporter Plugin up to 1.3 on WordPress authorization