CVE-2023-5300

Name of the Vulnerable Software and Affected Versions TTSPlanning versions up to 20230925

Description A critical vulnerability has been found in TTSPlanning, affecting an unknown part. The manipulation of the uid argument leads to SQL injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used.

Recommendations For versions up to 20230925, as a temporary workaround, consider restricting access to the uid argument to minimize the risk of SQL injection until a patch is available. At the moment, there is no information about a newer version that contains a fix for this vulnerability.