CVE-2024-50584 Information

Description

An authenticated attacker with the user/role "Poweruser" can perform an SQL injection by accessing the /class/template_io.php file and supplying malicious GET parameters. The "templates" parameter is vulnerable to blind boolean-based SQL injection attacks. SQL syntax must be injected into the JSON syntax of the templates parameter.

Reference

https://r.sec-consult.com/imageaccess
https://www.imageaccess.de/?page=SupportPortal&lang=en
