PT-2022-11509 · Unknown · Teammate+ Audit

Published: 2022-06-06 · Updated: 2022-06-13 · CVE-2021-41932

CVSS v3.1: 8.8 (High)

Vector: AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions: TeamMate+ Audit version 28.0.19.0

Description: A blind SQL injection vulnerability in the search form allows any authenticated user to inject malicious SQL. This can result in complete database compromise, disclosure of information about other users, and unauthorized access to audit data.

Recommendations: For TeamMate+ Audit version 28.0.19.0, consider disabling the search form until a patch is available, to prevent malicious SQL injection. Restrict access to the search form to minimize the risk of exploitation. Avoid using the search form with user-supplied input until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Exploit

SQL injection

Weakness Enumeration

Related Identifiers

CVE-2021-41932

Affected Products

Teammate+ Audit