CVE-2018-18755

Name of the Vulnerable Software and Affected Versions K-iwi Framework version 1775

Description The issue concerns SQL Injection, which can be exploited via specific parameters in certain endpoints. The vulnerable parameters are user group id in the "admin/user/group/update" endpoint and user id in the "admin/user/user/update" endpoint.

Recommendations For K-iwi Framework version 1775, avoid using the user group id parameter in the "admin/user/group/update" endpoint and the user id parameter in the "admin/user/user/update" endpoint until the issue is resolved. Consider restricting access to these endpoints to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.