Zhicms · Zhicms · CVE-2024-2015
**Name of the Vulnerable Software and Affected Versions**
ZhiCms version 4.0
**Description**
A critical issue has been found in ZhiCms, affecting the `getindexdata` function of the file `app/index/controller/mcontroller.php`. The manipulation of the `key` argument leads to SQL injection. This issue can be exploited remotely.
**Recommendations**
For ZhiCms version 4.0, as a temporary workaround, consider restricting access to the `getindexdata` function until a patch is available. Additionally, avoid using the `key` argument in the affected function to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this issue.