Critical severity9.8NVD Advisory· Published Mar 20, 2025· Updated Jun 2, 2026
CVE-2024-12016
CVE-2024-12016
Description
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in CM Informatics CM News allows SQL Injection.
This issue affects CM News: through 6.0.
NOTE: The vendor was contacted and it was learned that the product is not supported.
Affected products
1- Range: <=6.0
Patches
Vulnerability mechanics
References
2News mentions
0No linked articles in our index yet.