CVE-2024-2590

Name of the Vulnerable Software and Affected Versions AMSS++ version 4.31

Description The issue allows SQL injection through the /amssplus/modules/mail/main/select send.php endpoint, specifically in the sd index parameter. This could enable a remote attacker to send a specially crafted SQL query to the server and retrieve all the information stored in the database.

Recommendations For AMSS++ version 4.31, consider disabling access to the /amssplus/modules/mail/main/select send.php endpoint until a patch is available. Additionally, restrict the use of the sd index parameter to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this issue.