CVE-2023-5020

Name of the Vulnerable Software and Affected Versions 07FLY CRM V2

Description A critical issue has been found in the Administrator Login Page component, specifically affecting the /index.php/sysmanage/Login/login auth/ file. The manipulation of the account argument leads to SQL injection. This issue can be exploited remotely.

Recommendations For 07FLY CRM V2, as a temporary workaround, consider restricting access to the /index.php/sysmanage/Login/login auth/ file until a patch is available. Avoid using the account argument in the affected login functionality to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this issue.