PT-2023-15900 · Unknown · Visegripped Stracker

Visegripped · Published 2023-01-15 · Updated 2024-05-17 · CVE-2022-4889

CVSS v3.1: 9.8 (Critical)

Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions: visegripped Stracker (affected versions not specified)

Description: A critical vulnerability was found in visegripped Stracker. The issue affects the getHistory function of the file doc root/public html/stracker/api.php. The manipulation of the arguments symbol, startDate, and endDate leads to SQL injection.

Recommendations: To fix this issue, it is recommended to apply a patch. As a temporary workaround, consider disabling the getHistory function until a patch is available. Restrict access to the doc root/public html/stracker/api.php file to minimize the risk of exploitation. Avoid using the arguments symbol, startDate, and endDate in the affected API endpoint until the issue is resolved.

Fix

SQL injection

Weakness Enumeration

Related Identifiers: CVE-2022-4889

Affected Products: Visegripped Stracker