CVE-2023-38870

Name of the Vulnerable Software and Affected Versions gugoan Economizzer versions 0.9-beta1 and commit 3730880 (April 2023)

Description A SQL injection vulnerability exists in the cash book feature of gugoan Economizzer, specifically in the category id parameter, which is used to list accomplishments by category. This vulnerability allows for SQL injection attacks.

Recommendations For gugoan Economizzer version 0.9-beta1, consider disabling the feature to list accomplishments by category until a patch is available. For gugoan Economizzer commit 3730880 (April 2023), restrict access to the category id parameter to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.