CVE-2023-4741

Name of the Vulnerable Software and Affected Versions IBOS OA version 4.5.5

Description A critical issue has been found in the Delete Logs Handler component, specifically affecting the file ?r=diary/default/del. This issue leads to sql injection and can be initiated remotely. The manipulation of unknown code in this component is the cause of the problem.

Recommendations For IBOS OA version 4.5.5, consider restricting access to the ?r=diary/default/del file until a patch is available. As a temporary workaround, avoid using the Delete Logs Handler component to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this issue.