PT-2024-15279 · Datagear · Datagear

Nn0Nkey · Published 2024-11-23 · Updated 2024-11-26 · CVE-2023-7299

CVSS v3.1: 9.8 (Critical)
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions
DataGear versions up to 4.60

Description
A critical issue affects unknown code in the file /dataSet/resolveSql, where manipulation of the sql argument leads to SQL injection. The attack can be initiated remotely. Upgrading to version 4.7.0 addresses this issue.

Recommendations
For DataGear versions up to 4.60, upgrade to version 4.7.0 to address the issue. As a temporary workaround, restrict access to the /dataSet/resolveSql file to reduce the risk of exploitation, and avoid using the sql argument of the affected file until the upgrade is applied.
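The workaround above (restricting access to /dataSet/resolveSql until the upgrade to 4.7.0) can be applied at a reverse proxy in front of the application. The following nginx fragment is an added illustration, not part of this advisory or of the DataGear project; it assumes DataGear is served behind nginx at the site root (the backend address and the context path are assumptions) and that requests to the affected path should be refused for everyone until the upgrade is applied.

```nginx
# Temporary mitigation for CVE-2023-7299 (assumed deployment: DataGear behind nginx).
# Place inside the server {} block that fronts the DataGear instance.

# Case-insensitive regex so that variants such as /dataset/resolvesql or a
# trailing-slash form are also refused; regex locations are checked before
# plain prefix locations in nginx, so this wins over the catch-all below.
location ~* ^/dataSet/resolveSql(/|$) {
    # 403 for every client. To permit only trusted administrators instead,
    # replace "deny all;" with "allow <admin-cidr>; deny all;" (CIDR is a placeholder).
    deny all;
    access_log /var/log/nginx/datagear_resolvesql_blocked.log;  # assumed log path
}

# Everything else continues to reach the application (backend address is assumed).
location / {
    proxy_pass http://127.0.0.1:50401;
    proxy_set_header Host $host;
    proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
}
```

The dedicated access log gives defenders a simple signal: any hit on the blocked path while the mitigation is in place is worth reviewing, since legitimate users have no reason to reach it. If DataGear is deployed under a context path (for example /datagear), prefix the regex accordingly; test with `nginx -t` before reloading, and remove the block once version 4.7.0 is in place.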


Weakness Enumeration
Special Elements Injection
SQL injection

Related Identifiers
CVE-2023-7299

Affected Products
Datagear