CVE-2023-25432

Name of the Vulnerable Software and Affected Versions Online Reviewer Management System version 1.0

Description An issue was discovered in the Online Reviewer Management System, where a SQL injection can directly issue instructions to the background database system via the "reviewer 0/admins/assessments/course/course-update.php" API endpoint. The course-update.php endpoint is vulnerable, allowing potential exploitation.

Recommendations For Online Reviewer Management System version 1.0, as a temporary workaround, consider restricting access to the "reviewer 0/admins/assessments/course/course-update.php" API endpoint until a patch is available. At the moment, there is no information about a newer version that contains a fix for this vulnerability.