CVE-2024-0526

Name of the Vulnerable Software and Affected Versions CXBSoft Url-shorting versions up to 1.3.1

Description A critical issue was found in the HTTP POST Request Handler component, specifically in the file /pages/short to long.php. The manipulation of the shorturl argument leads to SQL injection. The issue has been publicly disclosed and may be exploited. The vendor was contacted about this issue but did not respond.

Recommendations For versions up to 1.3.1, as a temporary workaround, consider restricting access to the /pages/short to long.php file or disabling the HTTP POST Request Handler component until a patch is available. Avoid using the shorturl argument in the affected API endpoint until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this issue.