CVE-2023-46581

Name of the Vulnerable Software and Affected Versions Inventory Management version 1.0

Description The issue allows a local attacker to execute arbitrary code via the name, uname, and email parameters in the "registration.php" component. This is a SQL injection vulnerability.

Recommendations For Inventory Management version 1.0, avoid using the name, uname, and email parameters in the registration.php component until a fix is available. As a temporary workaround, consider restricting access to the registration.php component to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.