CVE-2024-31212

{"id": "CVE-2024-31212", "cveTags": [], "metrics": {"cvssMetricV31": [{"type": "Secondary", "source": "security-advisories@github.com", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 6.7, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:L", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "LOW", "privilegesRequired": "HIGH", "confidentialityImpact": "HIGH"}, "impactScore": 5.5, "exploitabilityScore": 1.2}, {"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 7.2, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "HIGH", "confidentialityImpact": "HIGH"}, "impactScore": 5.9, "exploitabilityScore": 1.2}]}, "published": "2024-04-04T23:15:16.540", "references": [{"url": "https://github.com/instantsoft/icms2/blob/4691a1524780e74107f6009b48d91e17a81b0fa1/system/controllers/admin/actions/index_chart_data.php#L190", "tags": ["Product"], "source": "security-advisories@github.com"}, {"url": "https://github.com/instantsoft/icms2/blob/4691a1524780e74107f6009b48d91e17a81b0fa1/system/core/model.php#L744", "tags": ["Product"], "source": "security-advisories@github.com"}, {"url": "https://github.com/instantsoft/icms2/security/advisories/GHSA-qx95-w566-73fw", "tags": ["Exploit", "Vendor Advisory"], "source": "security-advisories@github.com"}, {"url": "https://user-images.githubusercontent.com/109034767/300806111-a33d9548-d99f-4034-bef3-fbd7fa62c37f.png", "tags": ["Permissions Required"], "source": "security-advisories@github.com"}, {"url": "https://github.com/instantsoft/icms2/blob/4691a1524780e74107f6009b48d91e17a81b0fa1/system/controllers/admin/actions/index_chart_data.php#L190", "tags": ["Product"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "https://github.com/instantsoft/icms2/blob/4691a1524780e74107f6009b48d91e17a81b0fa1/system/core/model.php#L744", "tags": ["Product"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "https://github.com/instantsoft/icms2/security/advisories/GHSA-qx95-w566-73fw", "tags": ["Exploit", "Vendor Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "https://user-images.githubusercontent.com/109034767/300806111-a33d9548-d99f-4034-bef3-fbd7fa62c37f.png", "tags": ["Permissions Required"], "source": "af854a3a-2127-422b-91ae-364da2661108"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Secondary", "source": "security-advisories@github.com", "description": [{"lang": "en", "value": "CWE-20"}, {"lang": "en", "value": "CWE-89"}]}, {"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-89"}]}], "descriptions": [{"lang": "en", "value": "InstantCMS is a free and open source content management system. A SQL injection vulnerability affects instantcms v2.16.2 in which an attacker with administrative privileges can cause the application to execute unauthorized SQL code. The vulnerability exists in index_chart_data action, which receives an input from user and passes it unsanitized to the core model `filterFunc` function that further embeds this data in an SQL statement. This allows attackers to inject unwanted SQL code into the statement. The `period` should be escaped before inserting it in the query. As of time of publication, a patched version is not available."}, {"lang": "es", "value": "InstantCMS es un sistema de gesti\u00f3n de contenidos gratuito y de c\u00f3digo abierto. Una vulnerabilidad de inyecci\u00f3n SQL afecta a instantcms v2.16.2 en la que un atacante con privilegios administrativos puede hacer que la aplicaci\u00f3n ejecute c\u00f3digo SQL no autorizado. La vulnerabilidad existe en la acci\u00f3n index_chart_data, que recibe una entrada del usuario y la pasa sin desinfectar a la funci\u00f3n `filterFunc` del modelo central que incorpora a\u00fan m\u00e1s estos datos en una declaraci\u00f3n SQL. Esto permite a los atacantes inyectar c\u00f3digo SQL no deseado en la declaraci\u00f3n. Se debe utilizar un car\u00e1cter de escape antes de insertarlo en la consulta. Al momento de la publicaci\u00f3n, no hay una versi\u00f3n parcheada disponible."}], "lastModified": "2025-01-17T14:58:34.137", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:instantcms:instantcms:2.16.2:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "6A1E775E-E970-4F13-AC71-672490F0A69B"}], "operator": "OR"}]}], "sourceIdentifier": "security-advisories@github.com"}