PT-2023-20804 · Jorani

Author: David Utón Amaya
Published: 2023-10-03 · Updated: 2023-10-25
CVE: CVE-2023-2681
CVSS v3.1: 8.8 (High)
Vector: AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions: Jorani version 1.0.0

Description: An SQL Injection issue has been found, allowing an authenticated remote user with low privileges to send queries with malicious SQL code on the "/leaves/validate" path and the id parameter. This enables the extraction of arbitrary information from the database.

Recommendations: For Jorani version 1.0.0, as a temporary workaround, consider restricting access to the "/leaves/validate" path and the id parameter until a patch is available. At the moment, there is no information about a newer version that contains a fix for this vulnerability.
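Because the advisory names a single path and parameter, a defender can watch for it directly while the workaround is in place. The following is an added example, not code from Positive Technologies or from the Jorani project: it applies an allow-list check to the id parameter of /leaves/validate (assumed here to be a positive integer, which Jorani does not document) and runs that check over constructed access-log lines in a common log format, flagging any request whose id is missing or would never be produced by a legitimate client. The sample log lines are made up for this example.

```python
import re
from urllib.parse import parse_qs, urlsplit

# Constructed sample access-log entries (common log format style); these are
# NOT real Jorani logs. Lines 2 and 3 carry an "id" value that is not a plain
# positive integer; line 5 omits the parameter entirely.
SAMPLE_LOG = """\
10.0.0.5 - alice [03/Oct/2023:10:01:02 +0000] "GET /leaves/validate?id=42 HTTP/1.1" 200 512
10.0.0.5 - alice [03/Oct/2023:10:01:09 +0000] "GET /leaves/validate?id=42%27 HTTP/1.1" 500 0
10.0.0.7 - bob [03/Oct/2023:10:02:15 +0000] "GET /leaves/validate?id=12abc HTTP/1.1" 200 731
10.0.0.9 - carol [03/Oct/2023:10:03:40 +0000] "GET /calendar/individual HTTP/1.1" 200 2048
10.0.0.9 - carol [03/Oct/2023:10:04:01 +0000] "GET /leaves/validate HTTP/1.1" 400 0
"""

# One request line: client, user, timestamp, method, request target, status.
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ (?P<user>\S+) \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+) [^"]*" (?P<status>\d{3})'
)

# Path and parameter named in the advisory.
VULNERABLE_PATH = "/leaves/validate"
VULNERABLE_PARAM = "id"


def is_valid_leave_id(value: str) -> bool:
    """Allow-list check for the id parameter.

    A leave id is assumed to be a positive integer (an assumption for this
    example, not a documented Jorani constraint). Quotes, spaces, letters
    and the empty string are all rejected, so nothing but digits can reach
    a query that uses the value.
    """
    return re.fullmatch(r"[1-9][0-9]{0,9}", value) is not None


def suspicious_validate_requests(log_text: str) -> list[dict]:
    """Return one finding per /leaves/validate request whose id parameter
    is missing or fails the allow-list. Repeated id parameters (parameter
    pollution) are checked one by one."""
    findings = []
    for line in log_text.splitlines():
        m = LOG_RE.match(line)
        if not m:
            continue
        parts = urlsplit(m.group("target"))
        if parts.path != VULNERABLE_PATH:
            continue
        # parse_qs percent-decodes values, so "42%27" is seen as "42'".
        ids = parse_qs(parts.query, keep_blank_values=True).get(VULNERABLE_PARAM, [])
        if not ids:
            findings.append({**m.groupdict(), "id": None,
                             "reason": "id parameter missing"})
            continue
        for raw in ids:
            if not is_valid_leave_id(raw):
                findings.append({**m.groupdict(), "id": raw,
                                 "reason": "id is not a positive integer"})
    return findings


if __name__ == "__main__":
    for f in suspicious_validate_requests(SAMPLE_LOG):
        print(f"{f['ts']} {f['ip']} user={f['user']} status={f['status']} "
              f"id={f['id']!r}: {f['reason']}")
```

Run against the embedded sample it reports the two malformed ids and the request with no id, and leaves the well-formed request alone. The same allow-list check is the shape of the permanent fix on the application side: validate id as an integer at the controller and bind it as a query parameter, so the value is data rather than SQL text.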

Weakness Enumeration: SQL injection

Related Identifiers: CVE-2023-2681

Affected Products: Jorani