CVE-2024-25400

Severity CVSS v4.0:
Pending analysis
Type:
CWE-89 SQL Injection
Publication date:
27/02/2024
Last modified:
23/05/2025

Description

Subrion CMS 4.2.1 is vulnerable to SQL Injection via ia.core.mysqli.php. NOTE: this is disputed by multiple third parties because it refers to an HTTP request to a PHP file that only contains a class, without any mechanism for accepting external input, and the reportedly vulnerable method is not present in the file.

Vulnerable products and versions

CPE From Up to
cpe:2.3:a:intelliants:subrion:4.2.1:*:*:*:*:*:*:*