CVE-2024-12016

Name of the Vulnerable Software and Affected Versions CM News versions through 6.0

Description The issue affects CM News, allowing SQL Injection due to improper neutralization of special elements used in an SQL command. This enables attackers to execute malicious SQL commands. The vendor was contacted, and it was learned that the product is not supported.

Recommendations For CM News versions through 6.0, as a temporary workaround, consider restricting access to the SQL command functionality until a patch is available, but since the product is not supported, there is no information about a newer version that contains a fix for this vulnerability.