CRITICAL🇵🇱 Wersja polska

CVE-2024-41702

CVSS 9.8v3.1pub. 2024-07-30upd. 2024-11-21

SiberianCMS - CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')

🤖 AI Analysis
How it works

The vulnerability results from improper neutralization of special characters in input data passed to SQL commands (Improper Neutralization of Special Elements used in an SQL Command). An attacker can inject malicious SQL code fragments into queries executed by the application, allowing manipulation of database logic. The attack requires no authentication or user interaction and can be carried out remotely over the network.

Impact

An attacker can gain unauthorized access to data stored in the database, modify or delete data, and potentially take control of the system, resulting in a complete breach of the application's confidentiality, integrity, and availability.

Mitigation & patch

Patches available from the vendor should be applied in accordance with the references provided. Additionally, it is recommended to restrict access to the application at the firewall level and implement WAF (Web Application Firewall) mechanisms as a temporary measure until the updates are applied.

Who is affected

SiberianCMS — versions specified in vendor references

Analysis generated by Claude AI (Anthropic) based on NVD data. Always verify with vendor.
CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
  • Siberiancms

    APP
    Siberiancms
    < 5.0.11
🔵
CHECK WITH VENDOR
No clear patch data available. Check vendor references.
Tags
SQLi
CWE
References

Related vulnerabilities

CVE-2023-39375HIGH7.5ten sam produkt

SiberianCMS - CWE-274: Improper Handling of Insufficient Privileges

CVE-2023-39377HIGH7.2ten sam produkt

SiberianCMS - CWE-434: Unrestricted Upload of File with Dangerous Type - A malicious user with administrative...

CVE-2023-39378HIGH8.8ten sam produkt

SiberianCMS - CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') b...

CVE-2025-1105MEDIUM5.3ten sam produkt

A vulnerability was found in SiberianCMS 4.20.6. It has been rated as problematic. Affected by this issue is s...

CVE-2023-39376MEDIUM6.5ten sam produkt

SiberianCMS - CWE-284 Improper Access Control Authorized user may disable a security feature over the network...