PT-2023-17212 · Ibos · Ibos

Wkstestete · Published 2023-03-30 · Updated 2024-05-17 · CVE-2023-1747

CVSS v3.1: 8.8 (High)

Vector: AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions

IBOS versions up to 4.5.4

Description

A critical vulnerability has been found in an unknown functionality of the file /?r=email/api/mark&op=delFromSend. Manipulation of the emailids argument leads to SQL injection. The attack can be launched remotely. Upgrading to version 4.5.5 addresses this issue.

Recommendations

For IBOS versions up to 4.5.4, upgrade to version 4.5.5 to address the issue. As a temporary workaround, consider restricting access to the /?r=email/api/mark&op=delFromSend endpoint until the upgrade is applied. Avoid using the emailids argument in the affected endpoint until the issue is resolved.

Exploit

Fix

SQL injection

Weakness Enumeration

Related Identifiers: CVE-2023-1747

Affected Products: Ibos