Moderate severityNVD Advisory· Published Feb 27, 2024· Updated May 15, 2025
CVE-2024-25400
CVE-2024-25400
Description
Subrion CMS 4.2.1 is vulnerable to SQL Injection via ia.core.mysqli.php. NOTE: this is disputed by multiple third parties because it refers to an HTTP request to a PHP file that only contains a class, without any mechanism for accepting external input, and the reportedly vulnerable method is not present in the file.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected packages
Versions sourced from the GitHub Security Advisory.
| Package | Affected versions | Patched versions |
|---|---|---|
intelliants/subrionPackagist | <= 4.2.1 | — |
Affected products
2- Subrion/Subrion CMSdescription
Patches
Vulnerability mechanics
References
5- github.com/advisories/GHSA-xxf8-fpmr-fw7vghsaADVISORY
- nvd.nist.gov/vuln/detail/CVE-2024-25400ghsaADVISORY
- cwe.mitre.org/data/definitions/89.htmlghsaWEB
- github.com/intelliants/subrion/issues/910ghsaWEB
- subrion.orgghsaWEB
News mentions
0No linked articles in our index yet.