PT-2024-33127 · Unknown · Learning With Texts

Published: 2024-10-21 · Updated: 2024-10-29 · CVE-2024-48509

CVSS v3.1: 9.8 (Critical)

Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions

Learning with Texts (LWT) version 2.0.3

Description

The issue occurs due to the application's failure to properly sanitize user inputs, allowing attackers to manipulate SQL queries by injecting malicious SQL statements into URL parameters. This could lead to unauthorized access to the database, retrieval of sensitive information, modification or deletion of data, and execution of arbitrary commands.

Recommendations

For Learning with Texts (LWT) version 2.0.3, consider implementing proper input sanitization to prevent SQL injection attacks. As a temporary workaround, restrict access to sensitive database operations until a patch is available. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Weakness Enumeration: SQL injection

Related Identifiers: CVE-2024-48509

Affected Products: Learning With Texts