CVE-2023-42239

Name of the Vulnerable Software and Affected Versions Selesta Visual Access Manager (VAM) versions prior to 4.42.2

Description An issue was discovered in Selesta Visual Access Manager (VAM) where an authenticated attacker can perform SQL Injection in multiple POST parameters of the "/vam/vam ep.php" API endpoint.

Recommendations For versions prior to 4.42.2, update to version 4.42.2 or later to resolve the issue. As a temporary workaround, consider restricting access to the "/vam/vam ep.php" API endpoint to minimize the risk of exploitation. Avoid using vulnerable POST parameters in the affected API endpoint until the issue is resolved.