CVE-2023-36663

Name of the Vulnerable Software and Affected Versions openITCOCKPIT versions 4.6.4 through 4.6.4

Description The issue allows SQL Injection via the sort parameter of the API interface, which can be exploited by authenticated users.

Recommendations For openITCOCKPIT version 4.6.4, update to version 4.6.5 to resolve the issue. As a temporary workaround, consider restricting access to the API interface or avoiding the use of the sort parameter until the update is applied.