CVE-2023-4037

Name of the Vulnerable Software and Affected Versions Conacwin version 3.7.1.2

Description A blind SQL injection issue exists in the Conacwin web interface, allowing a local attacker to obtain sensitive database data by sending a specially crafted SQL query to the xml parameter. This could potentially lead to the exposure of sensitive information.

Recommendations For Conacwin version 3.7.1.2, consider restricting access to the xml parameter to minimize the risk of exploitation until a patch is available. As a temporary workaround, avoid using the xml parameter in the affected web interface until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.