Diyarsaadi

**Name of the Vulnerable Software and Affected Versions** Subrion CMS version 4.2.1 **Description** The issue is related to a potential SQL injection vulnerability in the ia.core.mysqli.php component of the Subrion CMS system. This could allow a remote attacker to execute arbitrary SQL queries. However, it is noted that this vulnerability is disputed by multiple third parties due to the lack of a mechanism for accepting external input in the reportedly vulnerable PHP file and the absence of the vulnerable method in the file. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.