What the vulnerability does
01Description
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Melograno Venture Studio Amelia ameliabooking allows Blind SQL Injection.This issue affects Amelia: from n/a through <= 2.4.2.
Explanation of Vulnerability in Simple Terms
02Summary
Amelia versions 2.4.2 and earlier contain a SQL injection vulnerability accessible over the network without authentication. An attacker can craft malicious input to execute arbitrary SQL queries, potentially reading sensitive data from the database and disrupting service availability. The vulnerability affects multiple systems due to its changed scope.
What an attacker can do
03Attacker Capabilities
Execute SQL queries to read sensitive database information and cause service disruption.
Potential impact on your site
04Site Impact
Attackers can steal user data, credentials, and configuration from your database without logging in.
Conditions required to exploit
05Prerequisites
Network access only; no authentication or user interaction required.
Key dates
06Disclosure timeline
July 13, 2026
CVE published