PT-2023-19474 · Mlecms · Mlecms

Vg000 · Published 2023-04-29 · Updated 2024-05-17 · CVE-2023-2420

CVSS v3.1: 9.8 (Critical)
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions

MLECMS version 3.0

Description

A critical issue affects the get_url function in the library /upload/inc/lib/admin of the file upload/inc/include/common.func.php. The manipulation of the argument $_SERVER['REQUEST_URI'] leads to SQL injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used.

Recommendations

For MLECMS version 3.0, consider disabling the get_url function in the library /upload/inc/lib/admin until a patch is available to prevent SQL injection attacks. Restrict access to the file upload/inc/include/common.func.php to minimize the risk of exploitation. Avoid using the $_SERVER['REQUEST_URI'] argument in the affected function until the issue is resolved.

Exploit

Fix

Weakness Enumeration: SQL injection

Related Identifiers: CVE-2023-2420

Affected Products: Mlecms