SQL Injection Vulnerability in WTCMS from Taosir
CVE-2024-48238

Currently unrated

Key Information:

Vendor: Taosir

CVE Published: 25 October 2024

What is CVE-2024-48238?

WTCMS 1.0 contains a SQL injection vulnerability in the edit_post method of the NavControl.class.php file. The issue is exploitable through the parentid parameter, which lets an attacker manipulate database queries. Vulnerabilities of this kind can lead to unauthorized data access, data corruption, and loss of the application's integrity. Users of WTCMS 1.0 should apply security patches and follow best practices to mitigate the risk.
