CVE-2024-0528

Name of the Vulnerable Software and Affected Versions CXBSoft Post-Office version 1.0

Description A critical issue was found in the HTTP POST Request Handler component, specifically in the /admin/pages/update go.php file. The manipulation of the version argument leads to sql injection. The issue has been publicly disclosed and may be exploited. The vendor was contacted about this issue but did not respond.

Recommendations For CXBSoft Post-Office version 1.0, as a temporary workaround, consider restricting access to the /admin/pages/update go.php file until a patch is available. Avoid using the version argument in the affected HTTP POST Request Handler until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this issue.