CVE-2024-0525

Name of the Vulnerable Software and Affected Versions CXBSoft Url-shorting versions up to 1.3.1

Description A critical issue has been found in the HTTP POST Request Handler component, specifically affecting the /pages/long s short.php file. The manipulation of the longurl argument leads to SQL injection. The issue has been publicly disclosed and may be exploited. The vendor was contacted about this issue but did not respond.

Recommendations For versions up to 1.3.1, as a temporary workaround, consider restricting the use of the longurl argument in the HTTP POST Request Handler until a patch is available. At the moment, there is no information about a newer version that contains a fix for this vulnerability.