Kuppamjohari

Name of the Vulnerable Software and Affected Versions: Advaya Softech GEMS ERP Portal version 2.1 Description: A critical issue was found in the software, affecting an unknown part of the file "/studentLogin/studentLogin.action". The manipulation of the `userId` argument leads to SQL injection. It is possible to initiate the attack remotely. Recommendations: For Advaya Softech GEMS ERP Portal version 2.1, consider restricting access to the "/studentLogin/studentLogin.action" endpoint until a patch is available. As a temporary workaround, avoid using the `userId` argument in the affected endpoint to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this issue.