CVE-2024-45265

Suggested description

A SQL injection vulnerability in the poll component in SkySystem Arfa-CMS before 5.1.3132 allows remote attackers to execute arbitrary SQL commands via the psid parameter.

Vulnerability Type

CWE-89 | SQL Injection

Vendor of Product

SkySystem (https://skyss.ru/)

Affected Product Code Base

Arfa-CMS - 5.1.3124 and earlier

Impact Escalation of Privileges

true

Has vendor confirmed or acknowledged the vulnerability?

true

Discoverer

Kirill Kalimmulin

Reference

https://skyss.ru

Name		Name	Last commit message	Last commit date
Latest commit History 2 Commits
README.md		README.md

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Repository files navigation

CVE-2024-45265

Suggested description

Vulnerability Type

Vendor of Product

Affected Product Code Base

Impact Escalation of Privileges

Has vendor confirmed or acknowledged the vulnerability?

Discoverer

Reference

About

Releases

Packages

TheHermione/CVE-2024-45265

Folders and files

Latest commit

History

Repository files navigation

CVE-2024-45265

Suggested description

Vulnerability Type

Vendor of Product

Affected Product Code Base

Impact Escalation of Privileges

Has vendor confirmed or acknowledged the vulnerability?

Discoverer

Reference

About

Resources

Stars

Watchers

Forks

Releases

Packages 0

Packages