CVE-2023-46956

Name of the Vulnerable Software and Affected Versions Packers and Movers Management System version 1.0

Description The issue allows a remote attacker to execute arbitrary code via a crafted payload to the "/mpms/admin/?page=user/manage user&id" API endpoint. This is achieved by exploiting a SQL injection vulnerability, which enables the attacker to inject malicious SQL code. The id variable in the API endpoint is potentially vulnerable to this type of attack.

Recommendations For Packers and Movers Management System version 1.0, consider disabling access to the "/mpms/admin/?page=user/manage user&id" API endpoint until a patch is available. Restrict the use of the id variable in this endpoint to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.