CVE-2023-3621

Name of the Vulnerable Software and Affected Versions IBOS OA version 4.5.5

Description A critical issue has been found, affecting the createDeleteCommand function of the ?r=article/default/delete file in the Delete Packet component. This issue leads to SQL injection and can be exploited remotely. The exploit has been publicly disclosed.

Recommendations For IBOS OA version 4.5.5, as a temporary workaround, consider disabling the createDeleteCommand function until a patch is available. Restrict access to the ?r=article/default/delete endpoint to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this issue.