CVE-2023-1730

Name of the Vulnerable Software and Affected Versions SupportCandy versions prior to 3.1.5

Description The issue is related to the lack of validation and escaping of user input in SQL statements, which could allow unauthenticated attackers to perform SQL injection attacks. This could enable remote attackers to execute arbitrary SQL queries.

Recommendations For versions prior to 3.1.5, update to version 3.1.5 or later to resolve the issue. As a temporary workaround, consider restricting access to the parse user filters function until a patch is available. Avoid using user input in SQL statements without proper validation and escaping.