CVE-2024-30950

Name of the Vulnerable Software and Affected Versions FUDforum version 3.1.3

Description A stored cross-site scripting (XSS) vulnerability allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the SQL statements field under the "/adm/admsql.php" API endpoint. The SQL statements field is vulnerable to injection, enabling attackers to inject malicious scripts.

Recommendations For FUDforum version 3.1.3, as a temporary workaround, consider restricting access to the "/adm/admsql.php" API endpoint until a patch is available. Avoid injecting crafted payloads into the SQL statements field to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.