CVE-2024-2585 HIGH

CVE-2024-2585: SQL injection vulnerability in AMSS++

Vendor Amssplus
Product AMSS++
Weakness CWE-89 · SQLi
Published March 18, 2024
Last update August 15, 2024
View on NVD All CVEs

CVSS base score

8.2/10
Attack vector Network
Attack complexity Low
Privileges required None
User interaction None
Confidentiality High
Integrity Low

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:N

What the vulnerability does

01Description

Vulnerability in AMSS++ version 4.31 that allows SQL injection through /amssplus/modules/book/main/select_send_2.php, in the 'sd_index' parameter. This vulnerability could allow a remote attacker to send a specially crafted SQL query to the server and retrieve all the information stored in the DB.

Key dates

02Disclosure timeline

March 18, 2024 CVE published
August 15, 2024 Record updated

Related vulnerabilities

04Related CVE

CVE-2024-10137 code-projects Pharmacy Management System manage_medicine.php sql injection CVE-2026-3969 FeMiner wms Basic Organizational Structure depart_add_bg.php sql injection CVE-2023-5465 Popup with fancybox <= 3.5 - Authenticated (Subscriber+) SQL Injection via Shortcode CVE-2026-10186 code-projects Online Hospital Management System patient.php sql injection CVE-2024-8138 code-projects Pharmacy Management System Parameter index.php editManager sql injection