CVE-2023-7145

Name of the Vulnerable Software and Affected Versions gopeak MasterLab versions up to 3.3.10

Description A critical vulnerability was found in the HTTP POST Request Handler component of gopeak MasterLab. This issue affects the sqlInject function in the file app/ctrl/Framework.php. The manipulation of the pwd argument leads to sql injection. The exploit has been disclosed to the public.

Recommendations For gopeak MasterLab versions up to 3.3.10, consider disabling the sqlInject function as a temporary workaround until a patch is available. Restrict access to the app/ctrl/Framework.php file to minimize the risk of exploitation. Avoid using the pwd argument in the affected HTTP POST Request Handler until the issue is resolved.