Unknown · Money Manager Ex Webapp · CVE-2024-41618
**Name of the Vulnerable Software and Affected Versions**
Money Manager EX WebApp (web-money-manager-ex) version 1.2.2
**Description**
The issue is caused by improper sanitization of user input in the `TrDeleteArr` parameter, which is incorporated directly into an SQL query. This occurs in the `transaction delete group` function and allows SQL injection.
**Recommendations**
For Money Manager EX WebApp (web-money-manager-ex) version 1.2.2, as a temporary workaround, consider disabling the `transaction delete group` function until a patch is available. Restrict access to the `TrDeleteArr` parameter to minimize the risk of exploitation.
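
The class of fix for this kind of flaw is strict validation of the list plus a parameterized query. The sketch below is an added example, not code from Money Manager EX WebApp or its maintainers. It assumes `TrDeleteArr` carries a comma-separated list of integer transaction IDs; the table `demo_transactions` and the functions `parse_id_list` and `delete_group` are hypothetical names.

```php
<?php
declare(strict_types=1);

// Assumption: the parameter is a comma-separated list of integer IDs.
// The whole request is rejected if any element is not a plain decimal number.
function parse_id_list(string $raw, int $max = 500): array
{
    $ids = [];
    foreach (explode(',', $raw) as $part) {
        $part = trim($part);
        // ctype_digit() is false for '', signs, spaces, quotes and SQL syntax.
        if (!ctype_digit($part) || strlen($part) > 18) {
            throw new InvalidArgumentException('invalid transaction id');
        }
        $ids[] = (int) $part;
    }
    $ids = array_values(array_unique($ids));
    if (count($ids) > $max) {
        throw new InvalidArgumentException('too many ids');
    }
    return $ids;
}

// Only "?" placeholders are interpolated into the SQL text; the values are bound.
function delete_group(PDO $db, string $raw): int
{
    $ids = parse_id_list($raw);
    $marks = implode(',', array_fill(0, count($ids), '?'));
    $stmt = $db->prepare("DELETE FROM demo_transactions WHERE id IN ($marks)");
    foreach ($ids as $i => $id) {
        $stmt->bindValue($i + 1, $id, PDO::PARAM_INT);
    }
    $stmt->execute();
    return $stmt->rowCount();
}

// Constructed demo data in an in-memory SQLite database (hypothetical schema).
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE demo_transactions (id INTEGER PRIMARY KEY, note TEXT)');
$db->exec("INSERT INTO demo_transactions (id, note) VALUES (1,'a'),(2,'b'),(3,'c'),(4,'d')");

echo delete_group($db, '1, 3'), " rows deleted\n";
try {
    delete_group($db, '2 OR 1=1'); // constructed non-numeric input
} catch (InvalidArgumentException $e) {
    echo 'rejected: ', $e->getMessage(), "\n";
}
echo $db->query('SELECT COUNT(*) FROM demo_transactions')->fetchColumn(), " rows remain\n";
```

A real handler would also scope the `DELETE` to rows owned by the authenticated user, which this sketch leaves out.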