Approved changes feed: RSS · Atom

cpe:2.3:a:amssplus:amss_plus:4.31:*:*:*:*:*:*:*

part: a version: 4.31 update: *

VendorAmssplus (4a0be946-8ccc-507e-9930-8c97de38883c)
ProductAmss Plus (b23204dc-5976-55b9-9893-f402f4ae1fb4)
Edition*
Language*
Software edition*
Target software*
Target hardware*
Other*
NotesImported from gcve-enriched-dumps CVE data

PURL mappings

PURLSourceLast updated
No PURL mappings for this CPE yet.

Vulnerability references

IdentifiercpeApplicabilitySubmitteddb.gcve.eu detailsRationale
CVE:CVE-2024-2599 vulnerable 2026-06-08 06:33:31.620821 Unrestricted Upload of File with Dangerous Type vulnerability in AMSS++
CRITICAL (9.9)
File upload restriction evasion vulnerability in AMSS++ version 4.31. This vulnerability could allow an authenticated user to potentially obtain RCE through webshell, compromising the entire infrastructure.
Published: 2024-03-18T14:04:15.820Z
Updated: 2024-08-12T20:43:57.207Z
Reference links
Imported from gcve-enriched-dumps CVE data
CVE:CVE-2024-2592 vulnerable 2026-06-08 06:33:31.617974 SQL injection vulnerability in AMSS++
HIGH (8.2)
Vulnerability in AMSS++ version 4.31 that allows SQL injection through /amssplus/modules/person/pic_show.php, in the 'person_id' parameter. This vulnerability could allow a remote attacker to send a specially crafted SQL query to the server and retrieve all the information stored in the DB.
Published: 2024-03-18T13:57:36.960Z
Updated: 2024-08-28T15:39:21.612Z
Reference links
Imported from gcve-enriched-dumps CVE data
CVE:CVE-2024-2591 vulnerable 2026-06-08 06:33:31.613638 SQL injection vulnerability in AMSS++
HIGH (8.2)
Vulnerability in AMSS++ version 4.31 that allows SQL injection through /amssplus/modules/book/main/bookdetail_group.php, in multiple parameters. This vulnerability could allow a remote attacker to send a specially crafted SQL query to the server and retrieve all the information stored in the DB.
Published: 2024-03-18T13:57:12.990Z
Updated: 2024-08-26T14:12:27.707Z
Reference links
Imported from gcve-enriched-dumps CVE data
CVE:CVE-2024-2590 vulnerable 2026-06-08 06:33:31.613138 SQL injection vulnerability in AMSS++
HIGH (8.2)
Vulnerability in AMSS++ version 4.31 that allows SQL injection through /amssplus/modules/mail/main/select_send.php, in the 'sd_index' parameter. This vulnerability could allow a remote attacker to send a specially crafted SQL query to the server and retrieve all the information stored in the DB.
Published: 2024-03-18T13:56:46.326Z
Updated: 2024-08-12T20:45:12.288Z
Reference links
Imported from gcve-enriched-dumps CVE data
CVE:CVE-2024-2589 vulnerable 2026-06-08 06:33:31.612654 SQL injection vulnerability in AMSS++
HIGH (8.2)
Vulnerability in AMSS++ version 4.31 that allows SQL injection through /amssplus/modules/book/main/bookdetail_school_person.php, in multiple parameters. This vulnerability could allow a remote attacker to send a specially crafted SQL query to the server and retrieve all the information stored in the DB.
Published: 2024-03-18T13:56:17.433Z
Updated: 2024-08-02T15:28:06.165Z
Reference links
Imported from gcve-enriched-dumps CVE data
CVE:CVE-2024-2588 vulnerable 2026-06-08 06:33:31.612296 db.gcve.eu details were skipped to keep the page responsive. Imported from gcve-enriched-dumps CVE data
CVE:CVE-2024-2586 vulnerable 2026-06-08 06:33:31.611367 db.gcve.eu details were skipped to keep the page responsive. Imported from gcve-enriched-dumps CVE data
CVE:CVE-2024-2585 vulnerable 2026-06-08 06:33:31.610867 db.gcve.eu details were skipped to keep the page responsive. Imported from gcve-enriched-dumps CVE data
CVE:CVE-2024-2584 vulnerable 2026-06-08 06:33:31.608849 db.gcve.eu details were skipped to keep the page responsive. Imported from gcve-enriched-dumps CVE data

Contribute

You can submit an edit proposal for this CPE entry or suggest a related product/vendor addition using the action button above.