2 matches found
CVE-2024-45264
Summary: CVE-2024-45264 is a CSRF vulnerability in the admin panel of SkySystem Arfa-CMS, prior to version 5.1.3124, enabling an attacker to add a new administrator and escalate privileges. Affected software: SkySystem Arfa-CMS.Vulnerable component: Admin panel exposed CSRF vulnerability.Root cau...
CVE-2024-45265
CVE-2024-45265 affects SkySystem Arfa-CMS before 5.1.3124. The vulnerability is a SQL injection in the poll component, exploitable via the psid parameter to allow remote attackers to execute arbitrary SQL commands. Root cause is improper handling of user-supplied psid data in the poll module, lea...