PT-2024-13452 · Reportico · Reportico

Aashiqahamedno · Published 2024-03-27 · Updated 2024-09-04 · CVE-2023-47438

CVSS v4.0: 7.1 (High)

Vector: AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N

Name of the Vulnerable Software and Affected Versions

Reportico versions prior to 8.1.0

Description

The issue allows attackers to obtain sensitive information or other system information via the project parameter. This is a SQL Injection vulnerability, which means attackers can inject malicious SQL code to manipulate the database and extract or modify sensitive data.

Recommendations

For versions prior to 8.1.0, update to version 8.1.0 or later to resolve the issue. As a temporary workaround, consider restricting access to the project parameter to minimize the risk of exploitation.

Fix

SQL injection

Weakness Enumeration

Related Identifiers

CVE-2023-47438
GHSA-JJF4-959W-F545

Affected Products

Reportico