PT-2023-24197 · Xibo

Noam Moshe · Published 2023-05-30 · Updated 2023-06-06

CVE-2023-33180 · CVSS v3.1 6.5 (Medium) · Vector AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
Name of the Vulnerable Software and Affected Versions: Xibo versions 3.2.0 through 3.3.2

Description: A SQL injection issue was discovered in the /display/map API route, allowing an authenticated user to exfiltrate data from the Xibo database by injecting specially crafted values into the bounds parameter.

Recommendations: For versions 3.2.0 through 3.3.2, upgrade to version 3.3.5 to resolve the issue. As a temporary workaround, consider restricting access to the /display/map API route until the upgrade is applied. Avoid using the bounds parameter in the affected API endpoint until the issue is resolved.

Weakness Enumeration

SQL injection

Related Identifiers

CVE-2023-33180
GHSA-7WW5-X9RM-QM89

Affected Products

Xibo