Today > 1 Critical | 6 High | 24 Medium vulnerabilities   -   You can now download lists of IOCs here!

CVE-2024-3816

June 28, 2024, 1:38 p.m.

Product(s) Impacted

S@M CMS (Concept Intermedia)

Description

Sites managed in S@M CMS (Concept Intermedia) might be vulnerable to a blind SQL Injection executed using the search bar.  Only a part of observed services is vulnerable, but since vendor has not investigated the root problem, it is hard to determine when the issue appears.

Weaknesses

CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')

The product constructs all or part of an SQL command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended SQL command when it is sent to a downstream component.

CWE ID: 89

Date

Published: June 28, 2024, 1:15 p.m.

Last Modified: June 28, 2024, 1:38 p.m.

Status : Awaiting Analysis

CVE has been marked for Analysis. Normally once in this state the CVE will be analyzed by NVD staff within 24 hours.

More info

Source

cvd@cert.pl

References