CVE-2022-31788

Name of the Vulnerable Software and Affected Versions IdeaLMS version 2022

Description The issue allows SQL injection via the "IdeaLMS/ChatRoom/ClassAccessControl/6?isBigBlueButton=0&ClassID=" pathname, specifically targeting the ClassID variable. This could potentially lead to unauthorized access or manipulation of data.

Recommendations For IdeaLMS version 2022, as a temporary workaround, consider restricting access to the vulnerable pathname "IdeaLMS/ChatRoom/ClassAccessControl/6?isBigBlueButton=0&ClassID=" until a patch is available. Avoid using the ClassID variable in the affected API endpoint until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.