CVE-2024-3816
CRITICALconceptintermedia s@m_cms < 3.3 - SQL Injection via Search Bar
Title source: llmDescription
Sites managed in S@M CMS (Concept Intermedia) might be vulnerable to a blind SQL Injection executed using the search bar. Only a part of observed services is vulnerable, but since vendor has not investigated the root problem, it is hard to determine when the issue appears.
References (2)
Core 2
Core References
Third Party Advisory third-party-advisory
https://cert.pl/en/posts/2024/06/CVE-2024-3800
Third Party Advisory third-party-advisory
https://cert.pl/posts/2024/06/CVE-2024-3800
Scores
CVSS v3
9.8
EPSS
0.0048
EPSS Percentile
38.2%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
CISA SSVC
Vulnrichment
Exploitation
none
Automatable
yes
Technical Impact
total
Details
CWE
CWE-89
Status
published
Products (1)
conceptintermedia/s\@m_cms
< 3.3
Published
Jun 28, 2024
Tracked Since
Feb 18, 2026