CVE-2024-25400

Name of the Vulnerable Software and Affected Versions Subrion CMS version 4.2.1

Description The issue is related to a potential SQL injection vulnerability in the ia.core.mysqli.php component of the Subrion CMS system. This could allow a remote attacker to execute arbitrary SQL queries. However, it is noted that this vulnerability is disputed by multiple third parties due to the lack of a mechanism for accepting external input in the reportedly vulnerable PHP file and the absence of the vulnerable method in the file.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.