CVE-2022-30809

Name of the Vulnerable Software and Affected Versions elitecms version 1.01

Description The issue concerns SQL Injection via the "/admin/edit page.php?page=" endpoint. This allows for potential manipulation of database queries. No information is provided about the estimated number of affected devices or real-world incidents.

Recommendations For elitecms version 1.01, as a temporary workaround, consider restricting access to the "/admin/edit page.php?page=" endpoint until a patch is available. Avoid using the page variable in this endpoint to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this issue.