PT-2023-29086 · Unknown · Codecanyon Credit Lite

Skalvin · Published 2023-08-18 · Updated 2024-05-17 · CVE-2023-4407

CVSS v3.1: 9.8 Critical

Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions

Codecanyon Credit Lite version 1.5.4

Description

A critical vulnerability was found in the component POST Request Handler, specifically in the file /portal/reports/account statement. The manipulation of the date1 and date2 arguments leads to SQL injection. The attack can be launched remotely.

Recommendations

For Codecanyon Credit Lite version 1.5.4, consider disabling the /portal/reports/account statement endpoint until a patch is available. Restrict access to the POST Request Handler component to minimize the risk of exploitation. Avoid using the date1 and date2 arguments in the affected endpoint until the issue is resolved.

Exploit

Fix

SQL injection

Weakness Enumeration

Related Identifiers

CVE-2023-4407

Affected Products

Codecanyon Credit Lite