CVE-2021-36520

Name of the Vulnerable Software and Affected Versions I-Tech Trainsmart version r1044

Description A SQL injection issue exists in I-Tech Trainsmart via the "evaluation/assign-evaluation?id=" URI. This allows for potential exploitation.

Recommendations For I-Tech Trainsmart version r1044, consider restricting access to the "evaluation/assign-evaluation?id=" URI until a patch is available. As a temporary workaround, avoid using the id variable in the affected URI to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this issue.