CVE-2021-4290

Name of the Vulnerable Software and Affected Versions DHBW Fallstudie (affected versions not specified)

Description A critical issue was found in DHBW Fallstudie, affecting an unknown functionality of the file app/config/passport.js in the Login component. The manipulation of the id/email argument leads to SQL injection.

Recommendations To fix this issue, it is recommended to apply a patch with the name 5c13c6a972ef4c07c5f35b417916e0598af9e123. As a temporary workaround, consider restricting access to the id/email argument in the affected Login component to minimize the risk of exploitation.