CVE-2024-2589

Name of the Vulnerable Software and Affected Versions AMSS++ version 4.31

Description The issue allows SQL injection through the "/amssplus/modules/book/main/bookdetail school person.php" endpoint, in multiple parameters. This could allow a remote attacker to send a specially crafted SQL query to the server and retrieve all the information stored in the database.

Recommendations For AMSS++ version 4.31, as a temporary workaround, consider restricting access to the "/amssplus/modules/book/main/bookdetail school person.php" endpoint until a patch is available. Avoid using vulnerable parameters in this endpoint until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.