Critical severityNVD Advisory· Published Dec 11, 2025· Updated Apr 15, 2026

CVE-2024-58301

Description

Purei CMS 1.0 contains a time-based blind SQL injection vulnerability that allows attackers to manipulate database queries through unfiltered user input parameters. Attackers can exploit vulnerable endpoints like getAllParks.php and events-ajax.php by injecting crafted SQL payloads to potentially extract or modify database information.

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

purei.comnvd
www.exploit-db.com/exploits/51929nvd
www.vulncheck.com/advisories/purei-cms-sql-injection-via-multiple-vulnerable-endpointsnvd

News mentions

No linked articles in our index yet.

cvss	0.585
epss	0.000
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000