CVE-2024-6734

Name of the Vulnerable Software and Affected Versions: Tailoring Management System version 1.0

Description: The issue is related to a lack of protection against SQL query structure exploitation in the templateadd.php file. This allows a remote attacker to execute arbitrary SQL code, gain unauthorized access to read, modify, or delete data, or cause a denial of service by sending specially crafted requests with the title and msg parameters. The manipulation of the title and msg arguments leads to SQL injection. The attack can be initiated remotely.

Recommendations: For Tailoring Management System version 1.0, consider disabling the templateadd.php file or restricting access to it until a patch is available. As a temporary workaround, avoid using the title and msg parameters in the affected API endpoint until the issue is resolved. Restrict access to the templateadd.php file to minimize the risk of exploitation.