CVE-2023-42235

Name of the Vulnerable Software and Affected Versions Selesta Visual Access Manager (VAM) versions prior to 4.42.2

Description An issue was discovered in Selesta Visual Access Manager (VAM) where an authenticated attacker can perform SQL Injection in multiple parameters of the "/monitor/s normalizedtrans.php" API endpoint.

Recommendations For versions prior to 4.42.2, update to version 4.42.2 or later to resolve the issue. As a temporary workaround, consider restricting access to the "/monitor/s normalizedtrans.php" API endpoint to minimize the risk of exploitation.