CVE-2024-0525
CXBSoft Url-shorting up to 1.3.1 has a SQL injection in the HTTP POST Request Handler (file /pages/long_s_short.php) via the longurl parameter. The vulnerability is rated critical (CVSS 3.x: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H) with remote exploitation disclosed publicly; vendor did not respond. ...