CRK · CRK Business Platform · CVE-2020-13968
**Name of the Vulnerable Software and Affected Versions**
CRK Business Platform versions prior to 2019.1
**Description**
The issue allows SQL statements to be injected into database queries through the `strSessao` parameter, which is accepted on any path. This enables attackers to manipulate database queries, potentially leading to unauthorized data access or modification.
**Recommendations**
For CRK Business Platform versions prior to 2019.1, consider restricting access to the `strSessao` parameter to minimize the risk of SQL injection until a patch or fix is available, and avoid using the parameter in sensitive operations until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.
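One way to watch the `strSessao` parameter while no fix is available is to check its value against an allow-list on every path in the web access log. The sketch below is an added example, not code from the vendor or the advisory; the token alphabet, the log format, the paths and the log lines are all assumptions constructed for illustration.

```python
import re
from urllib.parse import urlsplit, parse_qsl

# Assumption: a legitimate strSessao value is an opaque token made only of
# letters, digits, '-' and '_'. Adjust to the format your deployment issues.
TOKEN_RE = re.compile(r"[A-Za-z0-9_-]{1,128}")
# Request line as it appears in a combined-format access log (assumed format).
REQUEST_RE = re.compile(r'"[A-Z]+ (\S+) HTTP/[0-9.]+"')
PARAM = "strsessao"  # compared case-insensitively


def suspicious_values(url):
    """Return decoded strSessao values in the query string that fail the allow-list."""
    bad = []
    for name, value in parse_qsl(urlsplit(url).query, keep_blank_values=True):
        if name.lower() == PARAM and not TOKEN_RE.fullmatch(value):
            bad.append(value)
    return bad


def scan_access_log(lines):
    """Return (line number, path, decoded value) for each request to flag."""
    findings = []
    for lineno, line in enumerate(lines, 1):
        match = REQUEST_RE.search(line)
        if not match:
            continue
        url = match.group(1)
        for value in suspicious_values(url):
            findings.append((lineno, urlsplit(url).path, value))
    return findings


# Constructed sample log lines (documentation IP range, placeholder paths).
SAMPLE_LOG = [
    '203.0.113.10 - - [01/Jun/2020:10:00:00 +0000] "GET /constructed/home?strSessao=9f3c2a7e41b0 HTTP/1.1" 200 512',
    '203.0.113.11 - - [01/Jun/2020:10:00:05 +0000] "GET /constructed/reports?id=4&strSessao=9f3c%27-- HTTP/1.1" 500 87',
    '203.0.113.11 - - [01/Jun/2020:10:00:09 +0000] "GET /constructed/other?STRSESSAO=abc%3B HTTP/1.1" 200 90',
    '203.0.113.12 - - [01/Jun/2020:10:00:12 +0000] "GET /constructed/logo.png HTTP/1.1" 200 1024',
]

if __name__ == "__main__":
    for lineno, path, value in scan_access_log(SAMPLE_LOG):
        print(f"line {lineno}: {path} strSessao={value!r} fails allow-list")
```

Access logs normally record only the query string, so values sent in a request body need the same check at a reverse proxy or web application firewall in front of the platform.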