CVE-2024-2584

Name of the Vulnerable Software and Affected Versions AMSS++ version 4.31

Description The issue allows SQL injection through the "/amssplus/modules/book/main/select send.php" API endpoint, specifically in the sd index parameter. This could enable a remote attacker to send a specially crafted SQL query to the server and retrieve all the information stored in the database.

Recommendations For AMSS++ version 4.31, consider disabling access to the "/amssplus/modules/book/main/select send.php" endpoint until a patch is available, or restrict the use of the sd index parameter to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.