PT-2023-28330 · Fit2Cloud · Fit2Cloud Rackshift

Colind0Pe · Published 2023-09-14 · Updated 2023-09-19 · CVE-2023-42405

CVSS v3.1: 9.8 (Critical)
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions: FIT2CLOUD RackShift version 1.7.1

Description: The issue allows attackers to execute arbitrary code via the sort parameter to the taskService.list(), bareMetalService.list(), and switchService.list() API endpoints. This potentially enables attackers to inject malicious SQL through that parameter, compromising the system's security.

Recommendations: For FIT2CLOUD RackShift version 1.7.1, consider disabling the sort parameter in the taskService.list(), bareMetalService.list(), and switchService.list() functions until a patch is available. Restrict access to these API endpoints to minimize the risk of exploitation, and avoid using the sort parameter in these endpoints until the issue is resolved.
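The weakness described above is the classic "sort column pasted into ORDER BY" pattern: a database driver cannot bind a column name or sort direction as a parameter, so the only safe fix is an allow-list of column names and directions. The following is an added illustration, not RackShift's own code (RackShift is not shown on this page), using a hypothetical in-memory SQLite table named hosts as a stand-in for one of the list() endpoints. It places the vulnerable builder next to a hardened one so that a reviewer can see what to look for and how to remediate it.

```python
import re
import sqlite3

# Constructed sample data standing in for an inventory list endpoint.
# The schema and rows are hypothetical, not taken from RackShift.
def make_db():
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE hosts (id INTEGER PRIMARY KEY, name TEXT, status TEXT)")
    conn.executemany(
        "INSERT INTO hosts (name, status) VALUES (?, ?)",
        [("node-a", "ready"), ("node-c", "error"), ("node-b", "ready")],
    )
    conn.commit()
    return conn


def list_hosts_vulnerable(conn, sort):
    """Vulnerable pattern: caller-controlled text is spliced into ORDER BY.

    ORDER BY cannot take a bind parameter, so whatever the client sends is
    executed as a raw SQL fragment. Any expression the engine accepts runs.
    """
    sql = f"SELECT id, name, status FROM hosts ORDER BY {sort}"
    return [row[1] for row in conn.execute(sql)]


# Hardened version: only these column names may be sorted on, and the
# direction is restricted to ASC/DESC. Everything else is rejected.
ALLOWED_SORT_COLUMNS = {"id", "name", "status"}
SORT_RE = re.compile(r"^\s*(\w+)\s*(asc|desc)?\s*$", re.IGNORECASE)


def build_order_by(sort):
    """Return a safe ORDER BY fragment or raise ValueError.

    The fragment is rebuilt from allow-listed tokens; the original string is
    never copied into the query, so there is no path for injected SQL.
    """
    if sort is None or sort.strip() == "":
        return "id ASC"
    match = SORT_RE.match(sort)
    if not match or match.group(1).lower() not in ALLOWED_SORT_COLUMNS:
        raise ValueError(f"unsupported sort value: {sort!r}")
    column = match.group(1).lower()
    direction = (match.group(2) or "asc").upper()
    return f"{column} {direction}"


def is_sort_accepted(sort):
    """Helper for callers that want a boolean rather than an exception."""
    try:
        build_order_by(sort)
        return True
    except ValueError:
        return False


def list_hosts_hardened(conn, sort):
    sql = f"SELECT id, name, status FROM hosts ORDER BY {build_order_by(sort)}"
    return [row[1] for row in conn.execute(sql)]


if __name__ == "__main__":
    db = make_db()
    print("hardened, name desc:", list_hosts_hardened(db, "name desc"))
    print("hardened accepts '(SELECT 1)'?", is_sort_accepted("(SELECT 1)"))
    # The vulnerable builder happily runs an arbitrary expression in ORDER BY.
    print("vulnerable, arbitrary expression:", list_hosts_vulnerable(db, "(SELECT 1)"))
```

The allow-list deliberately accepts a single column and an optional direction only; if an endpoint legitimately needs multi-column sorting, extend the parser to split on commas and validate each token against the same set rather than loosening the pattern. When reviewing a list() endpoint, the thing to search for is any f-string, concatenation, or `${}` template that places a request parameter after ORDER BY.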

Weakness Enumeration

SQL injection

Related identifiers

CVE-2023-42405

Affected products

Fit2Cloud Rackshift