CVE-2024-7101

Name of the Vulnerable Software and Affected Versions ForIP Tecnologia Administração PABX versions 1.x

Description A critical issue has been found in the Authentication Form component, affecting the /login file. The manipulation of the usuario argument leads to sql injection. This issue can be exploited remotely. The vendor was contacted about this disclosure but did not respond.

Recommendations For ForIP Tecnologia Administração PABX versions 1.x, as a temporary workaround, consider restricting access to the /login file until a patch is available. Avoid using the usuario argument in the affected Authentication Form component to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this issue.