CVE-2023-52285

Name of the Vulnerable Software and Affected Versions ExamSys version 9150244

Description The issue allows SQL Injection via the "/Support/action/Pages.php" endpoint, specifically through the s score2 parameter. This enables potential attackers to inject malicious SQL code, which could lead to unauthorized access or manipulation of sensitive data.

Recommendations For ExamSys version 9150244, consider restricting access to the "/Support/action/Pages.php" endpoint or avoiding the use of the s score2 parameter until a patch is available. As a temporary workaround, disabling the functionality related to this endpoint may help minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.