CVE-2023-3799

Name of the Vulnerable Software and Affected Versions IBOS OA version 4.5.5

Description A critical issue affects the processing of the file ?r=article/category/del in the Delete Category Handler component, leading to sql injection. The attack can be initiated remotely. The issue has been publicly disclosed.

Recommendations For IBOS OA version 4.5.5, as a temporary workaround, consider restricting access to the ?r=article/category/del file until a patch is available. Avoid using the Delete Category Handler component until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this issue.