CVE-2024-2592

Name of the Vulnerable Software and Affected Versions AMSS++ version 4.31

Description The issue allows SQL injection through the /amssplus/modules/person/pic show.php endpoint, in the person id parameter. This could enable a remote attacker to send a specially crafted SQL query to the server and retrieve all the information stored in the database.

Recommendations For AMSS++ version 4.31, consider disabling access to the /amssplus/modules/person/pic show.php endpoint until a patch is available. Restrict the use of the person id parameter in this endpoint to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this issue.