Minimoagoni

**Name of the Vulnerable Software and Affected Versions** IBOS OA version 4.5.5 **Description** A critical issue has been found in the Interview Management Export component, specifically affecting the `actionExport` function of the file `?r=recruit/interview/export&interviews=x`. The manipulation of the `interviews` argument leads to SQL injection. The exploit has been disclosed publicly and may be used. The vendor was contacted about this issue but did not respond. **Recommendations** For IBOS OA version 4.5.5, as a temporary workaround, consider restricting access to the `actionExport` function of the Interview Management Export component to minimize the risk of exploitation. Avoid using the `interviews` argument in the affected file `?r=recruit/interview/export&interviews=x` until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.