PT-2017-13573 · Pragyan · Pragyan Cms
Lnyzx · Published 2017-09-19 · Updated 2017-09-22 · CVE-2017-14601
CVSS v3.1: 4.9 (Medium)
Vector: AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N
Name of the Vulnerable Software and Affected Versions
Pragyan CMS version 3.0
Description
The issue is a Boolean-based SQL injection, which can lead to Information Disclosure. It occurs in the cms/admin.lib.php file via the forwhat variable in the $_GET request.
Recommendations
For Pragyan CMS version 3.0, consider restricting access to the cms/admin.lib.php file until a patch is available. As a temporary workaround, avoid using the forwhat variable in the affected API endpoint to minimize the risk of exploitation.
Exploit
Fix
SQL injection
Affected Products
Pragyan Cms