CVE-2023-7144

Name of the Vulnerable Software and Affected Versions gopeak MasterLab versions up to 3.3.10

Description A critical vulnerability has been found in the HTTP POST Request Handler component of gopeak MasterLab. This issue affects the sqlInject function of the file app/ctrl/framework/Feature.php. The manipulation of the pwd argument leads to sql injection. The exploit has been disclosed to the public and may be used.

Recommendations For gopeak MasterLab versions up to 3.3.10, consider disabling the sqlInject function until a patch is available. Restrict access to the HTTP POST Request Handler component to minimize the risk of exploitation. Avoid using the pwd argument in the affected API endpoint until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.