CVE-2024-2585

Vulnerability in AMSS++ version 4.31 that allows SQL injection through /amssplus/modules/book/main/selectsend2.php, in the 'sdindex' parameter. This vulnerability could allow a remote attacker to send a specially crafted SQL query to the server and retrieve all the information stored in the DB...

AMSS++ Cross-Site Scripting Vulnerability

AMSS++ is a tool for the office management support system of Amssplus. A cross-site scripting vulnerability exists in AMSS++ version 4.31, which stems from a cross-site scripting vulnerability in multiple parameters on the /amssplus/modules/mail/main/selectsend.php page...

AMSS++ SQL Injection Vulnerability

AMSS++ is a tool for the office management support system of Amssplus. An SQL injection vulnerability exists in AMSS++ version 4.31, which stems from an SQL injection vulnerability in the sdindex parameter of the /amssplus/modules/book/main/selectsend2.php page...

PT-2024-21254 · Amss++ · Amss++

Name of the Vulnerable Software and Affected Versions: AMSS++ version 4.31 Description: The issue is related to insufficient encoding of user-controlled input, resulting in a Cross-Site Scripting XSS vulnerability through the /amssplus/modules/book/main/select send 2.php endpoint, in multiple...