CVE-2022-29745

Name of the Vulnerable Software and Affected Versions Money Transfer Management System version 1.0

Description The issue concerns a SQL Injection vulnerability. It can be exploited via the "Master.php" file, specifically through the f parameter set to delete transaction, which is located at the "/mtms/classes/" endpoint, here referred to as "/mtms/classes/Master.php?f=delete transaction".

Recommendations For Money Transfer Management System version 1.0, as a temporary workaround, consider restricting access to the "/mtms/classes/Master.php" endpoint, specifically when the f parameter is set to delete transaction, until a patch is available. At the moment, there is no information about a newer version that contains a fix for this vulnerability.