CVE-2024-2591

Name of the Vulnerable Software and Affected Versions AMSS++ version 4.31

Description The issue allows SQL injection through the /amssplus/modules/book/main/bookdetail group.php endpoint, in multiple parameters. This could enable a remote attacker to send a specially crafted SQL query to the server and retrieve all the information stored in the database.

Recommendations For AMSS++ version 4.31, consider disabling access to the /amssplus/modules/book/main/bookdetail group.php endpoint until a patch is available. Restrict input to parameters in this endpoint to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.