CVE-2023-3682

Name of the Vulnerable Software and Affected Versions Nesote Inout Blockchain EasyPayments version 1.0

Description A critical issue was found in the POST Parameter Handler component of the /index.php/payment/getcoinaddress file. The manipulation of the coinid argument leads to sql injection, allowing for remote attacks. The vendor was contacted about this disclosure but did not respond.

Recommendations For Nesote Inout Blockchain EasyPayments version 1.0, as a temporary workaround, consider restricting access to the /index.php/payment/getcoinaddress file or disabling the unknown function that handles the coinid argument until a patch is available. Avoid using the coinid argument in the affected API endpoint until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this issue.