PT-2019-9192 · Chronoscan · Chronoscan

Published: 2019-06-21 · Updated: 2019-06-24 · CVE-2018-15868

CVSS v3.1: 9.8 (Critical)

Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions

ChronoScan versions 1.5.4.3 and earlier

Description

The issue allows an unauthenticated attacker to execute arbitrary SQL commands via the wcr_machineid cookie. This enables the attacker to manipulate the database, potentially leading to data breaches or other malicious activities.

Recommendations

For ChronoScan versions 1.5.4.3 and earlier, update to a version later than 1.5.4.3 to resolve the issue. As a temporary workaround, consider restricting access to the wcr_machineid cookie to minimize the risk of exploitation.

Exploit

Fix

SQL injection

Weakness Enumeration

Related Identifiers

CVE-2018-15868

Affected Products

Chronoscan