CVE-2022-40347

Name of the Vulnerable Software and Affected Versions Intern Record System version 1.0

Description The issue allows attackers to execute arbitrary code and gain sensitive information through a SQL Injection vulnerability in the /intern/controller.php file, specifically in the phone, email, deptType, and name parameters.

Recommendations For Intern Record System version 1.0, consider disabling the vulnerable parameters phone, email, deptType, and name in the /intern/controller.php file until a patch is available. Restrict access to the /intern/controller.php file to minimize the risk of exploitation. Avoid using the parameters phone, email, deptType, and name in the affected API endpoint until the issue is resolved.