PT-2023-24906 · Ibos Oa · Ibos Oa

Minimoagoni · Published 2023-06-28 · Updated 2024-05-17 · CVE-2023-3449

CVSS v3.1: 7.2 High

Vector: AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions: IBOS OA version 4.5.5

Description: A critical issue has been found in the Interview Management Export component, specifically affecting the actionExport function of the file ?r=recruit/interview/export&interviews=x. The manipulation of the interviews argument leads to SQL injection. The exploit has been disclosed publicly and may be used. The vendor was contacted about this issue but did not respond.

Recommendations: For IBOS OA version 4.5.5, as a temporary workaround, consider restricting access to the actionExport function of the Interview Management Export component to minimize the risk of exploitation. Avoid using the interviews argument in the affected file ?r=recruit/interview/export&interviews=x until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Exploit

SQL injection

Weakness Enumeration

Related Identifiers

CVE-2023-3449

Affected Products

Ibos Oa