{"resultsPerPage":1,"startIndex":0,"totalResults":1,"format":"NVD_CVE","version":"2.0","timestamp":"2026-05-01T03:34:24.122","vulnerabilities":[{"cve":{"id":"CVE-2024-31212","sourceIdentifier":"security-advisories@github.com","published":"2024-04-04T23:15:16.540","lastModified":"2025-01-17T14:58:34.137","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"InstantCMS is a free and open source content management system. A SQL injection vulnerability affects instantcms v2.16.2 in which an attacker with administrative privileges can cause the application to execute unauthorized SQL code. The vulnerability exists in index_chart_data action, which receives an input from user and passes it unsanitized to the core model `filterFunc` function that further embeds this data in an SQL statement. This allows attackers to inject unwanted SQL code into the statement. The `period` should be escaped before inserting it in the query. As of time of publication, a patched version is not available."},{"lang":"es","value":"InstantCMS es un sistema de gestión de contenidos gratuito y de código abierto. Una vulnerabilidad de inyección SQL afecta a instantcms v2.16.2 en la que un atacante con privilegios administrativos puede hacer que la aplicación ejecute código SQL no autorizado. La vulnerabilidad existe en la acción index_chart_data, que recibe una entrada del usuario y la pasa sin desinfectar a la función `filterFunc` del modelo central que incorpora aún más estos datos en una declaración SQL. Esto permite a los atacantes inyectar código SQL no deseado en la declaración. Se debe utilizar un carácter de escape antes de insertarlo en la consulta. Al momento de la publicación, no hay una versión parcheada disponible."}],"metrics":{"cvssMetricV31":[{"source":"security-advisories@github.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:L","baseScore":6.7,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"HIGH","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"LOW"},"exploitabilityScore":1.2,"impactScore":5.5},{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H","baseScore":7.2,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"HIGH","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":1.2,"impactScore":5.9}]},"weaknesses":[{"source":"security-advisories@github.com","type":"Secondary","description":[{"lang":"en","value":"CWE-20"},{"lang":"en","value":"CWE-89"}]},{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-89"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:instantcms:instantcms:2.16.2:*:*:*:*:*:*:*","matchCriteriaId":"6A1E775E-E970-4F13-AC71-672490F0A69B"}]}]}],"references":[{"url":"https://github.com/instantsoft/icms2/blob/4691a1524780e74107f6009b48d91e17a81b0fa1/system/controllers/admin/actions/index_chart_data.php#L190","source":"security-advisories@github.com","tags":["Product"]},{"url":"https://github.com/instantsoft/icms2/blob/4691a1524780e74107f6009b48d91e17a81b0fa1/system/core/model.php#L744","source":"security-advisories@github.com","tags":["Product"]},{"url":"https://github.com/instantsoft/icms2/security/advisories/GHSA-qx95-w566-73fw","source":"security-advisories@github.com","tags":["Exploit","Vendor Advisory"]},{"url":"https://user-images.githubusercontent.com/109034767/300806111-a33d9548-d99f-4034-bef3-fbd7fa62c37f.png","source":"security-advisories@github.com","tags":["Permissions Required"]},{"url":"https://github.com/instantsoft/icms2/blob/4691a1524780e74107f6009b48d91e17a81b0fa1/system/controllers/admin/actions/index_chart_data.php#L190","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Product"]},{"url":"https://github.com/instantsoft/icms2/blob/4691a1524780e74107f6009b48d91e17a81b0fa1/system/core/model.php#L744","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Product"]},{"url":"https://github.com/instantsoft/icms2/security/advisories/GHSA-qx95-w566-73fw","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Exploit","Vendor Advisory"]},{"url":"https://user-images.githubusercontent.com/109034767/300806111-a33d9548-d99f-4034-bef3-fbd7fa62c37f.png","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Permissions Required"]}]}}]}