CVE-2024-2598

Vulnerability in AMSS++ version 4.31, which does not sufficiently encode user-controlled input, resulting in a Cross-Site Scripting XSS vulnerability through /amssplus/modules/book/main/selectsend2.php, in multiple parameters. This vulnerability could allow a remote attacker to send a specially...

PT-2024-21181 · Amss++ · Amss++

Name of the Vulnerable Software and Affected Versions: AMSS++ version 4.31 Description: The issue allows SQL injection through the /amssplus/admin/index.php endpoint, in the id parameter. This could enable a remote attacker to send a specially crafted SQL query to the server and retrieve all the...

PT-2024-21212 · Amss++ · Amss++

Name of the Vulnerable Software and Affected Versions: AMSS++ version 4.31 Description: The issue allows SQL injection through the /amssplus/modules/person/pic show.php endpoint, in the person id parameter. This could enable a remote attacker to send a specially crafted SQL query to the server an...

PT-2024-21192 · Amss++ · Amss++

Name of the Vulnerable Software and Affected Versions: AMSS++ version 4.31 Description: The issue allows SQL injection through the /amssplus/modules/mail/main/select send.php endpoint, specifically in the sd index parameter. This could enable a remote attacker to send a specially crafted SQL quer...