CVE-2024-0530

Name of the Vulnerable Software and Affected Versions CXBSoft Post-Office versions up to 1.0

Description A critical issue was found in the HTTP POST Request Handler component, specifically in the file /apps/reg go.php. The manipulation of the username reg argument leads to sql injection. The issue has been publicly disclosed and may be exploited. The vendor was contacted about this disclosure but did not respond.

Recommendations For versions up to 1.0, consider disabling the username reg argument in the /apps/reg go.php file to prevent sql injection until a patch is available. Restrict access to the HTTP POST Request Handler component to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this issue.