PT-2024-26513 · Openkm · Openkm Community Edition

Author: Carsonchan12345 · Published 2024-05-22 · Updated 2025-11-12

CVE: CVE-2024-35475

CVSS v3.1: 6.4 (Medium)

Vector: AV:N/AC:H/PR:H/UI:R/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions: OpenKM Community Edition versions 6.3.12 and earlier

Description: A Cross-Site Request Forgery (CSRF) issue was found in the "admin/DatabaseQuery" endpoint, allowing an attacker to manipulate a victim with administrative privileges into executing arbitrary SQL commands.

Recommendations: For OpenKM Community Edition versions 6.3.12 and earlier, update to a version later than 6.3.12 to resolve the issue. As a temporary workaround, consider restricting access to the "/admin/DatabaseQuery" endpoint to minimize the risk of exploitation.
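The description above names a CSRF weakness on an administrative endpoint, and the recommendation is to restrict access to that endpoint until a fixed version is deployed. The following is an added illustration, not OpenKM code and not part of the advisory, of the two layers a defender would place in front of such an endpoint: the network restriction the advisory suggests as a workaround, and the same-origin plus synchronizer-token checks that remove the CSRF condition outright. The site origin, admin subnet, session token, form field name and request shapes are all constructed for the example.

```python
import hmac
import ipaddress
from urllib.parse import urlsplit

# Illustrative admin-endpoint guard (not OpenKM's code). Every value below is
# constructed for the example; only the endpoint path comes from the advisory.
PROTECTED_PATHS = ("/admin/DatabaseQuery",)
TRUSTED_ORIGIN = "https://dms.example.internal"        # constructed site origin
ADMIN_NETWORKS = [ipaddress.ip_network("10.0.5.0/24")]  # constructed admin subnet
SESSION_CSRF_TOKEN = "f3a1c0de-constructed-token"       # token bound to the admin session


def _origin_of(headers):
    """Normalise the Origin (or, failing that, Referer) header to scheme://host[:port]."""
    value = headers.get("Origin") or headers.get("Referer")
    if not value:
        return None
    parts = urlsplit(value)
    if not parts.scheme or not parts.netloc:
        return None
    return f"{parts.scheme}://{parts.netloc}"


def check_request(request, session_token=SESSION_CSRF_TOKEN):
    """Decide whether a request may reach a protected admin endpoint.

    request: dict with 'path', 'client_ip', 'headers' and 'form' (constructed shape).
    Returns (allowed, reason). Checks run from cheapest to most specific so that a
    rejected request never reaches the token comparison with a forged token.
    """
    if not request["path"].startswith(PROTECTED_PATHS):
        return True, "unprotected path"

    # 1. The advisory's workaround: only clients on the admin network reach the endpoint.
    client = ipaddress.ip_address(request["client_ip"])
    if not any(client in net for net in ADMIN_NETWORKS):
        return False, "client address not in admin network"

    # 2. The browser-supplied Origin/Referer must be the site itself. A request a
    #    victim's browser sends on behalf of another site carries that site's origin.
    if _origin_of(request["headers"]) != TRUSTED_ORIGIN:
        return False, "cross-site or missing origin"

    # 3. Synchronizer token: the form must carry the token tied to the admin session.
    #    A third-party page cannot read it, so a forged request cannot supply it.
    token = request["form"].get("csrf_token", "")
    if not hmac.compare_digest(token, session_token):
        return False, "csrf token missing or invalid"

    return True, "ok"


# Constructed sample requests, all aimed at the endpoint named in the advisory.
LEGIT = {"path": "/admin/DatabaseQuery", "client_ip": "10.0.5.17",
         "headers": {"Origin": TRUSTED_ORIGIN},
         "form": {"csrf_token": SESSION_CSRF_TOKEN, "query": "SELECT 1"}}
# Victim's browser (admin network) submitting a form hosted on another site.
FORGED = {"path": "/admin/DatabaseQuery", "client_ip": "10.0.5.17",
          "headers": {"Origin": "https://third-party.example"},
          "form": {"query": "SELECT 1"}}
# Right origin, but the session token is absent.
NO_TOKEN = {"path": "/admin/DatabaseQuery", "client_ip": "10.0.5.17",
            "headers": {"Referer": TRUSTED_ORIGIN + "/admin/"},
            "form": {"query": "SELECT 1"}}
# Request from outside the admin network, blocked by the workaround alone.
OUTSIDE = {"path": "/admin/DatabaseQuery", "client_ip": "203.0.113.9",
           "headers": {"Origin": TRUSTED_ORIGIN},
           "form": {"csrf_token": SESSION_CSRF_TOKEN}}
OTHER_PATH = {"path": "/login", "client_ip": "203.0.113.9", "headers": {}, "form": {}}

if __name__ == "__main__":
    for name, req in [("legit", LEGIT), ("forged", FORGED), ("no_token", NO_TOKEN),
                      ("outside", OUTSIDE), ("other_path", OTHER_PATH)]:
        print(f"{name:>10}: {check_request(req)}")
```

The network restriction alone is what the advisory offers as a stopgap; it narrows who can be a CSRF victim but does not stop a forged request coming from an administrator's own browser, which is why the origin and token checks are the durable fix. Using hmac.compare_digest for the token comparison avoids leaking the token through timing differences.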

Tags: CSRF

Weakness Enumeration:

Related Identifiers: CVE-2024-35475

Affected Products: Openkm Community Edition