CVE-2022-31961

Name of the Vulnerable Software and Affected Versions Rescue Dispatch Management System version 1.0

Description The issue concerns SQL Injection via the /rdms/admin/incidents/manage incident.php endpoint, specifically the id parameter. This allows for potential unauthorized access and manipulation of data. No information is provided about the estimated number of potentially affected devices or real-world incidents.

Recommendations For Rescue Dispatch Management System version 1.0, as a temporary workaround, consider restricting access to the /rdms/admin/incidents/manage incident.php endpoint until a patch is available. Avoid using the id parameter in this endpoint to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this issue.