CVE-2024-41944 | xibosignage xibo-cms up to 3.3.11/4.0.13 proofofplayReport sortBy sql injection (GHSA-v6q4-h869-gm3r)

Posted by Angelo Barbosa | Jul 30, 2024 | CVE

A vulnerability was found in xibosignage xibo-cms up to 3.3.11/4.0.13 and classified as critical. Affected by this issue is some unknown functionality of the file report/data/proofofplayReport. The manipulation of the argument sortBy leads to sql injection.

This vulnerability is handled as CVE-2024-41944. The attack may be launched remotely. There is no exploit available.

It is recommended to upgrade the affected component.

CVE-2024-41944 | xibosignage xibo-cms up to 3.3.11/4.0.13 proofofplayReport sortBy sql injection (GHSA-v6q4-h869-gm3r)

Related Posts

CVE-2024-10845 | 1000 Projects Bookstore Management System 1.0 book_detail.php id sql injection

CVE-2023-51514 | Codeboxr CBX Bookmark & Favorite Plugin up to 1.7.13 on WordPress cross site scripting

CVE-2024-29415 | ip Package up to 2.0.1/012.1.2.3/127.0.0.1/127.1 on Node.js server-side request forgery (ID 150)

CVE-2024-36413 | SalesAgility SuiteCRM up to 7.14.3/8.6.0 cross site scripting (GHSA-ph2c-hvvf-r273)