Approved changes feed: RSS · Atom
cpe:2.3:a:amssplus:amss_plus:4.31:*:*:*:*:*:*:*
part: a version: 4.31 update: *
| Vendor | Amssplus (4a0be946-8ccc-507e-9930-8c97de38883c) |
|---|---|
| Product | Amss Plus (b23204dc-5976-55b9-9893-f402f4ae1fb4) |
| Edition | * |
| Language | * |
| Software edition | * |
| Target software | * |
| Target hardware | * |
| Other | * |
| Notes | Imported from gcve-enriched-dumps CVE data |
PURL mappings
| PURL | Source | Last updated |
|---|---|---|
| No PURL mappings for this CPE yet. | ||
Vulnerability references
| Identifier | cpeApplicability | Submitted | db.gcve.eu details | Rationale |
|---|---|---|---|---|
CVE:CVE-2024-2599 |
vulnerable | 2026-06-08 06:33:31.620821 |
Unrestricted Upload of File with Dangerous Type vulnerability in AMSS++
CRITICAL (9.9)
File upload restriction evasion vulnerability in AMSS++ version 4.31. This vulnerability could allow an authenticated user to potentially obtain RCE through webshell, compromising the entire infrastructure.
Published: 2024-03-18T14:04:15.820Z
Updated: 2024-08-12T20:43:57.207Z |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2024-2592 |
vulnerable | 2026-06-08 06:33:31.617974 |
SQL injection vulnerability in AMSS++
HIGH (8.2)
Vulnerability in AMSS++ version 4.31 that allows SQL injection through /amssplus/modules/person/pic_show.php, in the 'person_id' parameter. This vulnerability could allow a remote attacker to send a specially crafted SQL query to the server and retrieve all the information stored in the DB.
Published: 2024-03-18T13:57:36.960Z
Updated: 2024-08-28T15:39:21.612Z |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2024-2591 |
vulnerable | 2026-06-08 06:33:31.613638 |
SQL injection vulnerability in AMSS++
HIGH (8.2)
Vulnerability in AMSS++ version 4.31 that allows SQL injection through /amssplus/modules/book/main/bookdetail_group.php, in multiple parameters. This vulnerability could allow a remote attacker to send a specially crafted SQL query to the server and retrieve all the information stored in the DB.
Published: 2024-03-18T13:57:12.990Z
Updated: 2024-08-26T14:12:27.707Z |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2024-2590 |
vulnerable | 2026-06-08 06:33:31.613138 |
SQL injection vulnerability in AMSS++
HIGH (8.2)
Vulnerability in AMSS++ version 4.31 that allows SQL injection through /amssplus/modules/mail/main/select_send.php, in the 'sd_index' parameter. This vulnerability could allow a remote attacker to send a specially crafted SQL query to the server and retrieve all the information stored in the DB.
Published: 2024-03-18T13:56:46.326Z
Updated: 2024-08-12T20:45:12.288Z |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2024-2589 |
vulnerable | 2026-06-08 06:33:31.612654 |
SQL injection vulnerability in AMSS++
HIGH (8.2)
Vulnerability in AMSS++ version 4.31 that allows SQL injection through /amssplus/modules/book/main/bookdetail_school_person.php, in multiple parameters. This vulnerability could allow a remote attacker to send a specially crafted SQL query to the server and retrieve all the information stored in the DB.
Published: 2024-03-18T13:56:17.433Z
Updated: 2024-08-02T15:28:06.165Z |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2024-2588 |
vulnerable | 2026-06-08 06:33:31.612296 | db.gcve.eu details were skipped to keep the page responsive. | Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2024-2586 |
vulnerable | 2026-06-08 06:33:31.611367 | db.gcve.eu details were skipped to keep the page responsive. | Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2024-2585 |
vulnerable | 2026-06-08 06:33:31.610867 | db.gcve.eu details were skipped to keep the page responsive. | Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2024-2584 |
vulnerable | 2026-06-08 06:33:31.608849 | db.gcve.eu details were skipped to keep the page responsive. | Imported from gcve-enriched-dumps CVE data |
Contribute
You can submit an edit proposal for this CPE entry or suggest a related product/vendor addition using the action button above.