Vulnerabilities > CVE-2024-2592 - Unspecified vulnerability in Amss++ Project Amss++ 4.31

CVSS 7.5 - HIGH

Attack vector

NETWORK

Attack complexity

LOW

Privileges required

NONE

Confidentiality impact

HIGH

Integrity impact

NONE

Availability impact

NONE

network

low complexity

amss-project

NVD

Published: 2024-03-18

Updated: 2025-04-17

Summary

Vulnerability in AMSS++ version 4.31 that allows SQL injection through /amssplus/modules/person/pic_show.php, in the 'person_id' parameter. This vulnerability could allow a remote attacker to send a specially crafted SQL query to the server and retrieve all the information stored in the DB.

Vulnerable Configurations

Part	Description	Count
Application	Amss\+\+_Project Amss++ Project Amss++ 4.31	1

References

https://www.incibe.es/en/incibe-cert/notices/aviso/multiple-vulnerabilities-amssplus-amss
https://www.incibe.es/en/incibe-cert/notices/aviso/multiple-vulnerabilities-amssplus-amss