CVE-2023-26784

Name of the Vulnerable Software and Affected Versions Kirin Fortress Machine version 1.7-2020-0610

Description A SQL Injection issue allows attackers to execute arbitrary code via the "/admin.php?controller=admin commonuser" API endpoint, specifically through the controller parameter. This enables attackers to potentially gain unauthorized access and manipulate data.

Recommendations For Kirin Fortress Machine version 1.7-2020-0610, consider restricting access to the "/admin.php?controller=admin commonuser" API endpoint until a patch is available. As a temporary workaround, avoid using the controller parameter in the affected API endpoint to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.