CVE-2015-9457

Name of the Vulnerable Software and Affected Versions pretty-link plugin versions prior to 1.6.8

Description The issue concerns SQL injection via the group parameter in the PrliLinksController::list links function. This allows for potential exploitation. No information is provided about the estimated number of affected devices or real-world incidents.

Recommendations For versions prior to 1.6.8, update to version 1.6.8 or later to resolve the issue. As a temporary workaround, consider restricting access to the PrliLinksController::list links function or avoiding the use of the group parameter until the update is applied.