SQL Injection Vulnerability Affects SiberianCMS Users
CVE-2024-41702

9.8CRITICAL

Key Information:

Vendor: Siberiancms
Status: Siberiancms V5.0.8
Vendor: CVE Published:; 30 July 2024

🔔 Create Siberiancms Vulnerability Alert

What is CVE-2024-41702?

The vulnerability identified in SiberianCMS pertains to improper neutralization of special elements used in SQL commands, which may allow attackers to execute arbitrary SQL queries. This can lead to unauthorized access to sensitive data, manipulation of database content, and other detrimental effects on the application's integrity and confidentiality. It is crucial for users of SiberianCMS to apply necessary security measures and updates to mitigate the risks associated with this vulnerability.

Affected Version(s)

SiberianCMS v5.0.8 version 5.0.8

References

https://www.gov.il/en/Departments/faq/cve_advisories

CVSS V3.1

Score:

9.8

Severity:

CRITICAL

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Jul 30, 2024
Vulnerability Reserved
Jul 21, 2024

Credit

Yotam Zaltsman