CVE-2023-1742

Name of the Vulnerable Software and Affected Versions IBOS version 4.5.5

Description A critical issue affects some unknown functionality of the file "/?r=report/api/getlist" of the component Report Search, leading to sql injection. The attack may be launched remotely.

Recommendations For IBOS version 4.5.5, as a temporary workaround, consider restricting access to the "/?r=report/api/getlist" endpoint until a patch is available. At the moment, there is no information about a newer version that contains a fix for this vulnerability.