The vulnerability CVE-2024-49621 affects the APA Register Newsletter Form by aatmaadhikari, specifically versions up to 1.0.0. It is a Cross-Site Request Forgery (CSRF) vulnerability that allows an attacker to trick a user into submitting unauthorized requests. This CSRF flaw facilitates SQL Injection attacks through the newsletter form, potentially allowing an attacker to access or manipulate the backend database. The CVSS 3.1 base score is 8.2, reflecting network attack vector, low attack complexity, no privileges required, user interaction required, scope changed, high confidentiality impact, no integrity impact, and low availability impact. No patch or vendor advisory is currently available to confirm remediation status.

Successful exploitation could allow an attacker to perform SQL Injection via the newsletter form by leveraging CSRF, potentially leading to unauthorized disclosure of sensitive data (high confidentiality impact). The integrity of data is not directly impacted according to the CVSS vector, and availability impact is low. The vulnerability can be exploited remotely without privileges but requires user interaction.

Patch status is not yet confirmed — check the vendor advisory for current remediation guidance. Until a fix is available, users should consider disabling or restricting access to the affected newsletter form to prevent exploitation. Monitor official vendor channels for updates and apply patches promptly once released.