Filtered by vendor Instantcms
Subscriptions
Filtered by product Icms2
Subscriptions
Total
2 CVE
CVE | Vendors | Products | Updated | CVSS v3.1 |
---|---|---|---|---|
CVE-2023-4928 | 1 Instantcms | 1 Icms2 | 2024-08-02 | 7.2 High |
SQL Injection in GitHub repository instantsoft/icms2 prior to 2.16.1. | ||||
CVE-2024-31212 | 1 Instantcms | 1 Icms2 | 2024-08-02 | 6.7 Medium |
InstantCMS is a free and open source content management system. A SQL injection vulnerability affects instantcms v2.16.2 in which an attacker with administrative privileges can cause the application to execute unauthorized SQL code. The vulnerability exists in index_chart_data action, which receives an input from user and passes it unsanitized to the core model `filterFunc` function that further embeds this data in an SQL statement. This allows attackers to inject unwanted SQL code into the statement. The `period` should be escaped before inserting it in the query. As of time of publication, a patched version is not available. |
Page 1 of 1.