SQL Injection Vulnerability in Xibo CMS by Xibo Signage
CVE-2024-41803

4.9MEDIUM

Key Information:

Vendor: Xibosignage
Status: Xibo
Vendor: CVE Published:; 30 July 2024

🔔 Create Xibosignage Vulnerability Alert

What is CVE-2024-41803?

A vulnerability has been identified in Xibo CMS where an authenticated user can exploit SQL injection in the API routes related to Filtering DataSets. By injecting specially crafted values into the API, malicious users may obtain unauthorized access to arbitrary data stored in the Xibo database. It is crucial for users to update their installations to version 3.3.12 or 4.0.14 to mitigate this risk.

References

https://github.com/xibosignage/xibo-cms/security/advisori...

https://github.com/xibosignage/xibo-cms/commit/39a2fd54b3...

https://xibosignage.com/blog/security-advisory-2024-07

CVSS V3.1

Score:

4.9

Severity:

MEDIUM

Confidentiality:

High

Integrity:

None

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

High

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Jul 30, 2024

CVE-2024-41803 Data

JSON