CVE-2023-42237

Name of the Vulnerable Software and Affected Versions Selesta Visual Access Manager (VAM) versions prior to 4.42.2

Description An issue was discovered in Selesta Visual Access Manager (VAM) where an authenticated attacker can perform SQL Injection in multiple GET parameters of "/vam/vam i command.php".

Recommendations For versions prior to 4.42.2, update to version 4.42.2 or later to resolve the issue. As a temporary workaround, consider restricting access to the "/vam/vam i command.php" endpoint until a patch is available. Avoid using vulnerable GET parameters in the affected endpoint until the issue is resolved.