{ "dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": { "cveId": "CVE-2024-12016", "assignerOrgId": "ca940d4e-fea4-4aa2-9a58-591a58b1ce21", "state": "PUBLISHED", "assignerShortName": "TR-CERT", "dateReserved": "2024-12-02T13:16:09.235Z", "datePublished": "2025-03-20T07:25:11.647Z", "dateUpdated": "2026-06-02T06:30:52.082Z" }, "containers": { "cna": { "providerMetadata": { "orgId": "ca940d4e-fea4-4aa2-9a58-591a58b1ce21", "shortName": "TR-CERT", "dateUpdated": "2026-06-02T06:30:52.082Z" }, "title": "SQLi in CM Informatics' CM News", "problemTypes": [ { "descriptions": [ { "lang": "en", "cweId": "CWE-89", "description": "CWE-89 Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')", "type": "CWE" } ] } ], "impacts": [ { "capecId": "CAPEC-66", "descriptions": [ { "lang": "en", "value": "CAPEC-66 SQL Injection" } ] } ], "affected": [ { "vendor": "CM Informatics", "product": "CM News", "versions": [ { "status": "affected", "version": "0", "lessThanOrEqual": "6.0", "versionType": "custom" } ], "defaultStatus": "affected" } ], "descriptions": [ { "lang": "en", "value": "Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in CM Informatics CM News allows SQL Injection.\n\nThis issue affects CM News: through 6.0.\n\n\n\n\n\n\n\nNOTE: The vendor was contacted and it was learned that the product is not supported.", "supportingMedia": [ { "type": "text/html", "base64": false, "value": "Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in CM Informatics CM News allows SQL Injection.
This issue affects CM News: through 6.0.
\n\n\n\nNOTE: The vendor was contacted and it was learned that the product is not supported.\n\n