SQL Injection Vulnerability in Xibo CMS for Enhanced Data Security
CVE-2024-41804

6.5MEDIUM

Key Information:

Vendor

Xibosignage

Status
Xibo
Vendor
CVE Published:
30 July 2024

What is CVE-2024-41804?

An SQL injection vulnerability exists in the Xibo content management system's API route responsible for Adding/Editing DataSet Column Formulas. Authenticated users can exploit this vulnerability by injecting malicious SQL queries through the 'formula' parameter, allowing them to access and modify arbitrary data within the Xibo database. This security flaw underscores the importance of promptly updating to the latest versions—3.3.12 or 4.0.14—to safeguard against unauthorized data manipulation.

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.

Remediate biological technical debt. Prime Ageing uses 95% high-purity SIRT6 activation to maintain genomic integrity and bolster systemic resilience.

Deploy the Patch

References

https://github.com/xibosignage/xibo-cms/security/advisori...
https://github.com/xibosignage/xibo-cms/commit/39a2fd54b3...
https://xibosignage.com/blog/security-advisory-2024-07

CVSS V3.1

Score:
6.5
Severity:
MEDIUM
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
High
User Interaction:
None
Scope:
Unchanged

Timeline

  • Vulnerability published

JSON
.