CVE-2024-24572 | WillyXJ facileManager up to 4.5.0 Parameter admin-logs.php extract $_REQUEST sql injection (GHSA-xw34-8pj6-75gc)

Inserito da Angelo Barbosa | Feb 1, 2024 | CVE

A vulnerability classified as critical was found in WillyXJ facileManager up to 4.5.0. Affected by this vulnerability is the function extract of the file admin-logs.php of the component Parameter Handler. The manipulation of the argument $_REQUEST leads to sql injection.

This vulnerability is known as CVE-2024-24572. The attack can be launched remotely. There is no exploit available.

It is recommended to apply a patch to fix this issue.

CVE-2024-24572 | WillyXJ facileManager up to 4.5.0 Parameter admin-logs.php extract $_REQUEST sql injection (GHSA-xw34-8pj6-75gc)

Post correlati

CVE-2024-10148 | Awesome Buttons Plugin up to 1.0 on WordPress Shortcode cross site scripting

CVE-2024-7059 | Genetec Security Center prior 5.12.2.1 externally-controlled input to select classes or code

CVE-2023-6650 | SourceCodester Simple Invoice Generator System 1.0 login.php cashier cross site scripting

CVE-2024-7505 | itsourcecode Bike Delivery System 1.0 contact_us_action.php name sql injection