PT-2024-17782 · Unknown · Treasurehuntgame Treasurehunt

Jotaespig · Published 2024-12-22 · Updated 2025-01-10 · CVE-2024-12895

CVSS v3.1: 9.8 Critical

Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions

TreasureHuntGame TreasureHunt up to 963e0e0

Description

A critical vulnerability has been found in TreasureHuntGame TreasureHunt. The issue affects the console log function of the file TreasureHunt/checkflag.php. The manipulation of the problema argument leads to SQL injection. This attack can be launched remotely.

Recommendations

To fix this issue, it is recommended to apply a patch. Specifically, for versions up to 963e0e0, applying the patch with the identifier 8bcc649abc35b7734951be084bb522a532faac4e is advised. As a temporary workaround, consider restricting access to the console log function in the TreasureHunt/checkflag.php file until the patch is applied. Additionally, avoid using the problema argument in the affected function until the issue is resolved.

Fix

Special Elements Injection

SQL injection

Weakness Enumeration

Related Identifiers

CVE-2024-12895

Affected Products

Treasurehuntgame Treasurehunt