CVE-2023-4851

Name of the Vulnerable Software and Affected Versions IBOS OA version 4.5.5

Description A critical vulnerability has been found in IBOS OA, affecting unknown code of the file ?r=dashboard/position/edit&op=member. The manipulation leads to sql injection. The attack can be initiated remotely.

Recommendations For IBOS OA version 4.5.5, as a temporary workaround, consider restricting access to the ?r=dashboard/position/edit&op=member endpoint until a patch is available. Avoid using this endpoint to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.