CVE-2023-30281

Name of the Vulnerable Software and Affected Versions scquickaccounting versions prior to 3.7.3

Description The issue is related to insecure permissions in the ps customer table, allowing unauthorized access to sensitive information such as name, surname, and email. This lack of permissions control can lead to a leak of personal information.

Recommendations For versions prior to 3.7.3, update to version 3.7.3 or later to resolve the issue. As a temporary workaround, consider restricting access to the ps customer table to minimize the risk of exploitation.