CVE advisoryCRITICAL
CVE-2024-12016
SQL Injection Risk for CM News.
Halo Surface Signal: 4 out of 5 — likely to be public-facing.
A vulnerability in CM News, a content management system, allows for SQL injection, potentially leading to unauthorized data access or modification. As the product is no longer supported by the vendor, organizations using it face ongoing business risk and data compromise.