SQL Injection Vulnerability in Xibo CMS by Xibo Signage
CVE-2024-41803
4.9MEDIUM
What is CVE-2024-41803?
A vulnerability has been identified in Xibo CMS where an authenticated user can exploit SQL injection in the API routes related to Filtering DataSets. By injecting specially crafted values into the API, malicious users may obtain unauthorized access to arbitrary data stored in the Xibo database. It is crucial for users to update their installations to version 3.3.12 or 4.0.14 to mitigate this risk.
Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.
Remediate biological technical debt. Prime Ageing uses 95% high-purity SIRT6 activation to maintain genomic integrity and bolster systemic resilience.
References
CVSS V3.1
Score:
4.9
Severity:
MEDIUM
Confidentiality:
High
Integrity:
None
Availability:
High
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
High
User Interaction:
None
Scope:
Unchanged
Timeline
Vulnerability published