PT-2024-31522 · Skysystem · Arfa-Cms

Kirill Kalimmulin · Published 2024-08-26 · Updated 2024-09-05 · CVE-2024-45265

CVSS v3.1: 9.8 (Critical)
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions: SkySystem Arfa-CMS versions prior to 5.1.3124

Description: A SQL injection issue in the poll component allows remote attackers to execute arbitrary SQL commands via the psid parameter. This enables attackers to manipulate database queries, potentially leading to unauthorized data access or modification.

Recommendations: For versions prior to 5.1.3124, update to version 5.1.3124 or later to resolve the issue. As a temporary workaround, consider restricting access to the poll component until the patch is applied, and avoid using the psid parameter in affected components until the issue is resolved.
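The description names the pattern (a request parameter reaching the SQL text unescaped) but the advisory carries no code. The block below is an added example written for this page; it is not Arfa-CMS code, and the poll table schema, the in-memory SQLite database, and the function names are assumptions for illustration. It places the vulnerable string-splicing pattern next to the standard hardened form (type validation followed by parameter binding) and wraps the hardened lookup in a request handler that rejects malformed input with a 400 instead of passing it to the database.

```python
import sqlite3


def make_demo_db() -> sqlite3.Connection:
    """Constructed in-memory stand-in for a CMS poll table (assumed schema, not Arfa-CMS's)."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE polls (psid INTEGER PRIMARY KEY, question TEXT)")
    conn.executemany(
        "INSERT INTO polls VALUES (?, ?)",
        [(1, "Favourite colour?"), (2, "Best editor?"), (3, "Coffee or tea?")],
    )
    return conn


def validate_psid(psid: str) -> int:
    """Accept only a plain decimal poll id; anything else is rejected before it reaches SQL."""
    if not isinstance(psid, str) or not psid.isdigit():
        raise ValueError("psid must be a decimal integer")
    return int(psid)


def poll_lookup_vulnerable(conn: sqlite3.Connection, psid: str) -> list:
    """Illustrative vulnerable pattern: the request parameter is spliced into the query text,
    so any input that is not a bare integer changes the meaning of the WHERE clause."""
    sql = "SELECT psid, question FROM polls WHERE psid = " + psid
    return conn.execute(sql).fetchall()


def poll_lookup_hardened(conn: sqlite3.Connection, psid: str) -> list:
    """Hardened form: validate the type, then bind the value as a query parameter.
    The driver sends the value separately from the SQL text, so it can never be parsed as SQL."""
    psid_int = validate_psid(psid)
    return conn.execute(
        "SELECT psid, question FROM polls WHERE psid = ?", (psid_int,)
    ).fetchall()


def handle_poll_request(conn: sqlite3.Connection, psid: str) -> tuple:
    """Request-handler shape a defender can adapt: (status, rows).
    Malformed psid values are answered with 400 and never touch the database."""
    try:
        rows = poll_lookup_hardened(conn, psid)
    except ValueError:
        return (400, [])
    return (200, rows)


if __name__ == "__main__":
    db = make_demo_db()
    # A normal id behaves the same way in both versions.
    print("vulnerable, id 2:", poll_lookup_vulnerable(db, "2"))
    print("hardened,   id 2:", handle_poll_request(db, "2"))
    # A non-integer value widens the vulnerable query to every row; the hardened handler rejects it.
    print("vulnerable, tampered:", poll_lookup_vulnerable(db, "1 OR 1=1"))
    print("hardened,   tampered:", handle_poll_request(db, "1 OR 1=1"))
```

The two defences are independent: binding alone already stops the value from being interpreted as SQL, and the integer check on top of it gives the handler a clean place to log and reject malformed requests, which is also the simplest signal to alert on while an unpatched instance is still exposed.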

Tags: XSS, SQL injection

Weakness Enumeration

Related Identifiers: CVE-2024-45265

Affected Products: Arfa-Cms