CVE-2024-2586

Name of the Vulnerable Software and Affected Versions AMSS++ version 4.31

Description The issue allows SQL injection through the /amssplus/index.php endpoint, specifically in the username parameter. This could enable a remote attacker to send a specially crafted SQL query to the server, potentially retrieving all information stored in the database.

Recommendations For AMSS++ version 4.31, consider disabling the /amssplus/index.php endpoint or restricting access to it until a patch is available. Additionally, avoid using the username parameter in the affected endpoint to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this issue.