CVE-2023-42241

Name of the Vulnerable Software and Affected Versions Selesta Visual Access Manager (VAM) versions prior to 4.42.2

Description An issue was discovered in Selesta Visual Access Manager (VAM) where an authenticated attacker can perform SQL Injection in multiple POST parameters of "/vam/vam anagraphic.php". This allows for potential data manipulation.

Recommendations For versions prior to 4.42.2, update to version 4.42.2 or later to resolve the issue. As a temporary workaround, consider restricting access to the "/vam/vam anagraphic.php" endpoint until a patch is available. Avoid using vulnerable POST parameters in the affected endpoint until the issue is resolved.