CVE-2018-18801

Name of the Vulnerable Software and Affected Versions BSEN Ordering software version 1.0

Description The issue concerns SQL Injection. It can be exploited via the index.php endpoint, specifically through the id parameter in the URLs student/index.php?view=view&id=[SQL] or index.php?q=single-item&id=[SQL]. The id parameter is vulnerable, allowing potential SQL injection attacks.

Recommendations For BSEN Ordering software version 1.0, consider restricting access to the index.php endpoint, specifically the id parameter, to minimize the risk of exploitation. Avoid using the id parameter in the affected API endpoints until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.