CVE-2023-3826

Name of the Vulnerable Software and Affected Versions IBOS OA version 4.5.5

Description A critical issue has been found in the Interview Handler component, specifically in the file /api/v1/recruit/resume/edit&op=status. The manipulation of the resumeid argument leads to SQL injection. This issue can be exploited remotely. The exploit has been disclosed publicly.

Recommendations For IBOS OA version 4.5.5, as a temporary workaround, consider restricting access to the /api/v1/recruit/resume/edit&op=status endpoint until a patch is available. Additionally, avoid using the resumeid argument in this endpoint to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this issue.