Critical severity9.8NVD Advisory· Published Mar 20, 2025· Updated Apr 15, 2026

CVE-2024-12016

Description

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in CM Informatics CM News allows SQL Injection.This issue affects CM News: through 6.0.

NOTE: The vendor was contacted and it was learned that the product is not supported.

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

www.usom.gov.tr/bildirim/tr-25-0072nvd

News mentions

No linked articles in our index yet.

cvss	0.637
epss	0.000
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000