CVE-2023-27463

Name of the Vulnerable Software and Affected Versions RUGGEDCOM CROSSBOW versions prior to V5.3

Description A vulnerability has been identified in the audit log form of RUGGEDCOM CROSSBOW, which is vulnerable to SQL injection. This could allow authenticated remote attackers to execute arbitrary SQL queries on the server database. The issue is related to the lack of protection of the SQL query structure, allowing a remote attacker to exploit the vulnerability and execute arbitrary SQL queries.

Recommendations For versions prior to V5.3, update to version V5.3 or later to resolve the issue. As a temporary workaround, consider restricting access to the audit log form to minimize the risk of exploitation. Avoid using the audit log form until the issue is resolved.