Unknown · Openitcockpit · CVE-2023-36663
**Name of the Vulnerable Software and Affected Versions**
openITCOCKPIT versions 4.6.4 through 4.6.4
**Description**
The issue allows SQL Injection via the `sort` parameter of the API interface, which can be exploited by authenticated users.
**Recommendations**
For openITCOCKPIT version 4.6.4, update to version 4.6.5 to resolve the issue.
As a temporary workaround, consider restricting access to the API interface or avoiding the use of the `sort` parameter until the update is applied.