CVE-2024-2592

CVSS 3.1 Score 7.1 of 10 (high)

Details

Published Mar 18, 2024

CWE ID 89

Summary

CVE-2024-2592 is a newly disclosed SQL injection vulnerability affecting AMSS++ version 4.31. The issue lies in the 'pic_show.php' script located in the '/amssplus/modules/person/' directory. A maliciously crafted 'person_id' parameter can be exploited by remote attackers to inject SQL queries into the server, potentially granting them access to all the information stored in the database. This vulnerability poses a significant risk and requires immediate attention from AMSS++ users to apply patches or updates to mitigate the threat.

Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.

https://app.recordedfuture.com/live/sc/entity/ufXTf5
https://www.cve.org/CVERecord?id=CVE-2024-2592
https://nvd.nist.gov/vuln/detail/CVE-2024-2592

Back to Vulnerability Database

CVE-2024-2592

CVSS 3.1 Score 7.1 of 10 (high)

Details

Summary

Advisories, Assessments, and Mitigations