CVE-2021-46459

Name of the Vulnerable Software and Affected Versions Victor CMS version 1.0

Description The issue concerns SQL injection vulnerabilities found in the admin/users.php component, specifically when the source parameter is set to add user. These vulnerabilities can be exploited through a crafted POST request by manipulating the user name, user firstname, user lastname, or user email parameters.

Recommendations For Victor CMS version 1.0, as a temporary workaround, consider restricting access to the admin/users.php component, specifically the "add user" source, until a patch is available. Avoid using the user name, user firstname, user lastname, or user email parameters in the affected API endpoint until the issue is resolved.