CVE-2024-25400

Subrion CMS 4.2.1 is vulnerable to SQL Injection via ia.core.mysqli.php. NOTE: this is disputed by multiple third parties because it refers to an HTTP request to a PHP file that only contains a class, without any mechanism for accepting external input, and the reportedly vulnerable method is not present in the file.

Published: Feb 27, 2024
Updated: May 24, 2025
CVE: CVE-2024-25400
GHSA: GHSA-xxf8-fpmr-fw7v
Severity: Medium
Exploit:

No technical information available.

No CWE or OWASP classifications available.

Affected Software
References

Software	From	Fixed in
intelliants / subrion	-	4.2.1.x
intelliants / subrion	4.2.1	4.2.1.x

https://cwe.mitre.org/data/definitions/89.html
https://github.com/intelliants/subrion/issues/910
https://subrion.org
https://subrion.org/

Vulnerability Database

CVE-2024-25400