CVE-2024-0342

Name of the Vulnerable Software and Affected Versions Inis versions up to 2.0.1

Description A critical issue has been found in Inis, affecting an unknown function of the file /app/api/controller/default/Sqlite.php. The manipulation of the sql argument leads to sql injection.

Recommendations For Inis versions up to 2.0.1, consider restricting access to the /app/api/controller/default/Sqlite.php file to minimize the risk of exploitation. As a temporary workaround, avoid using the sql argument in the affected function until a patch is available. At the moment, there is no information about a newer version that contains a fix for this issue.