PT-2023-10615 · Unknown · Red Snapper Nview
Published: 2023-01-05 · Updated: 2024-05-17
CVE-2017-20163
CVSS v3.1: 9.8 (Critical)
| Vector | AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H |
Name of the Vulnerable Software and Affected Versions
Red Snapper NView (affected versions not specified)
Description
A critical vulnerability has been found in Red Snapper NView. This issue affects the mutate function of the file src/Session.php. The manipulation of the session argument leads to SQL injection.
Recommendations
Apply a patch to fix this issue. The patch is identified by the name cbd255f55d476b29e5680f66f48c73ddb3d416a8. As a temporary workaround, consider disabling the mutate function until a patch is available. Restrict access to the src/Session.php file to minimize the risk of exploitation. Avoid using the session argument in the affected function until the issue is resolved.
Fix
SQL injection
Weakness Enumeration
Related Identifiers
Affected Products
Red Snapper Nview