PT-2024-17781 · Unknown · Treasurehuntgame Treasurehunt

Jotaespig · Published 2024-12-22 · Updated 2025-01-10 · CVE-2024-12894

CVSS v3.1: 9.8 (Critical)

Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions

TreasureHuntGame TreasureHunt up to 963e0e0

Description

A critical issue was found in TreasureHuntGame TreasureHunt, affecting an unknown function of the file TreasureHunt/acesso.php. The manipulation of the usuario argument leads to SQL injection. It is possible to launch the attack remotely. This product uses a rolling release for continuous delivery, and therefore, no version details for affected or updated releases are available.

Recommendations

To fix this issue, it is recommended to apply a patch. Specifically, the patch named 8bcc649abc35b7734951be084bb522a532faac4e should be applied. As a temporary workaround, consider restricting access to the vulnerable function in the TreasureHunt/acesso.php file until the patch is applied. Additionally, avoid using the usuario argument in the affected file to minimize the risk of exploitation.

Fix

Special Elements Injection

SQL injection

Weakness Enumeration

Related Identifiers

CVE-2024-12894

Affected Products

Treasurehuntgame Treasurehunt