CVE-2024-41802 | xibosignage xibo-cms up to 3.3.11/4.0.13 API Route sql injection (GHSA-x4qm-vvhp-g7c2)

Posted by Angelo Barbosa | Jul 30, 2024 | CVE

A vulnerability, which was classified as critical, has been found in xibosignage xibo-cms up to 3.3.11/4.0.13. This issue affects some unknown processing of the component API Route. The manipulation leads to sql injection.

The identification of this vulnerability is CVE-2024-41802. The attack may be initiated remotely. There is no exploit available.

It is recommended to upgrade the affected component.

CVE-2024-41802 | xibosignage xibo-cms up to 3.3.11/4.0.13 API Route sql injection (GHSA-x4qm-vvhp-g7c2)

Related Posts

CVE-2024-7352 | PDF-XChange Editor prior 10.3.0.386 PDF File Parser out-of-bounds write (ZDI-24-1037)

CVE-2024-37890 | websockets ws up to 5.2.3/6.2.2/7.5.9/8.17.0 on Node.js Request Header null pointer dereference

CVE-2024-1632 | Progress Sitefinity prior 13.3.7649/14.4.8135/15.0.8227 Administrative Area access control

CVE-2024-3259 | SourceCodester Internship Portal Management System 1.0 delete_activity.php activity_id sql injection