CVE-2022-45526

Name of the Vulnerable Software and Affected Versions Future-Depth Institutional Management Website (IMS) version 1.0

Description The issue allows attackers to execute arbitrary commands via the ad parameter to "/admin area/login transfer.php" API endpoint. This enables attackers to potentially access and manipulate sensitive data.

Recommendations For Future-Depth Institutional Management Website (IMS) version 1.0, consider restricting access to the "/admin area/login transfer.php" API endpoint until a patch is available. As a temporary workaround, avoid using the ad parameter in the affected API endpoint to minimize the risk of exploitation.