CVE-2024-41944 | xibosignage xibo-cms up to 3.3.11/4.0.13 proofofplayReport sortBy sql injection (GHSA-v6q4-h869-gm3r)

Posted by Angelo Barbosa | Jul 30, 2024 | CVE

A vulnerability was found in xibosignage xibo-cms up to 3.3.11/4.0.13 and classified as critical. Affected by this issue is some unknown functionality of the file report/data/proofofplayReport. The manipulation of the argument sortBy leads to sql injection.

This vulnerability is handled as CVE-2024-41944. The attack may be launched remotely. There is no exploit available.

It is recommended to upgrade the affected component.

CVE-2024-41944 | xibosignage xibo-cms up to 3.3.11/4.0.13 proofofplayReport sortBy sql injection (GHSA-v6q4-h869-gm3r)

Related Posts

CVE-2024-23747 | Moderna Sistemas ModernaNet Hospital Management System 2024 Laudo id resource injection

CVE-2024-1007 | SourceCodester Employee Management System 1.0 edit_profile.php txtfullname sql injection

CVE-2024-47088 | Apex Softcell LD Geo API Login excessive authentication (CIVN-2024-0296)

CVE-2024-45522 | Linen Setting Privilege Escalation