CVE-2024-49615

Name of the Vulnerable Software and Affected Versions Henrique Rodrigues SafetyForms versions n/a through 1.0.0

Description A Cross-Site Request Forgery (CSRF) issue allows Blind SQL Injection. This means an attacker can trick a user into performing unintended actions on the web application, potentially leading to unauthorized data access or modification. The estimated number of potentially affected devices worldwide is not available. There is no information about real-world incidents where this issue was exploited.

The issue involves a CSRF vulnerability that can be used to perform Blind SQL Injection. This can be achieved through specific API Endpoints, although the exact endpoints are not specified. The vulnerability may involve manipulating certain variables or parameters, but the specific names of these are not provided.

Recommendations For Henrique Rodrigues SafetyForms versions n/a through 1.0.0, consider disabling any functionality that may be related to the CSRF vulnerability until a patch is available. Restrict access to any potentially vulnerable modules or functions to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.