CVE-2024-2585

Name of the Vulnerable Software and Affected Versions AMSS++ version 4.31

Description The issue allows SQL injection through the /amssplus/modules/book/main/select send 2.php API endpoint, specifically in the sd index parameter. This could enable a remote attacker to send a specially crafted SQL query to the server, potentially retrieving all information stored in the database.

Recommendations For AMSS++ version 4.31, as a temporary workaround, consider restricting access to the /amssplus/modules/book/main/select send 2.php API endpoint to minimize the risk of exploitation. Avoid using the sd index parameter in this endpoint until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.