Key Information Vulnerability Type SQL Injection Vulnerability Affected Versions AuraMaster CMS 2.0.4 Vulnerability Description An SQL injection vulnerability exists in AuraMaster CMS, allowing attackers to execute arbitrary code by crafting malicious SQL statements. Vulnerability Details File Path: Parameter: Example Request: Exploitation Attackers can exploit this vulnerability to perform the following actions: - Retrieve sensitive information from the database - Execute arbitrary SQL commands - Remote code execution Remediation Implement strict validation and filtering of input parameters to prevent SQL injection attacks. Use prepared statements or parameterized queries when constructing SQL statements. Upgrade to the latest version of AuraMaster CMS to patch known security vulnerabilities. Reference Links CVE-2024-2240