CVE-2022-2688

Name of the Vulnerable Software and Affected Versions SourceCodester Expense Management System (affected versions not specified)

Description A critical issue affects the function fetch report credit of the file report.php in the component POST Parameter Handler. The manipulation of the argument from/to leads to SQL injection. The attack may be initiated remotely.

Recommendations As a temporary workaround, consider disabling the fetch report credit function until a patch is available. Restrict access to the report.php file to minimize the risk of exploitation. Avoid using the from/to argument in the affected POST Parameter Handler until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.