CVE-2023-2107

Name of the Vulnerable Software and Affected Versions IBOS version 4.5.5

Description A critical issue was found in an unknown function of the file "file/personal/del&op=recycle". The manipulation of the argument fids leads to sql injection. It is possible to launch the attack remotely.

Recommendations For IBOS version 4.5.5, as a temporary workaround, consider restricting access to the file "file/personal/del&op=recycle" and avoid using the argument fids until a patch is available. At the moment, there is no information about a newer version that contains a fix for this issue.