CVE-2017-11445

Name of the Vulnerable Software and Affected Versions Subrion CMS versions prior to 4.1.6

Description The issue is related to a SQL injection vulnerability. It affects the /front/actions.php endpoint via the $ POST array.

Recommendations For versions prior to 4.1.6, update to version 4.1.6 or later to resolve the issue. As a temporary workaround, consider restricting access to the /front/actions.php endpoint until the update is applied. Avoid using user-supplied input in the $ POST array for this endpoint until the issue is resolved.