Liuqiba

**Name of the Vulnerable Software and Affected Versions** IBOS OA version 4.5.5 **Description** A critical vulnerability has been found in IBOS OA, affecting unknown code of the file `?r=dashboard/position/edit&op=member`. The manipulation leads to sql injection. The attack can be initiated remotely. **Recommendations** For IBOS OA version 4.5.5, as a temporary workaround, consider restricting access to the `?r=dashboard/position/edit&op=member` endpoint until a patch is available. Avoid using this endpoint to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.