PT-2025-1469 · Selesta · Selesta Visual Access Manager

Published: 2025-01-13 · Updated: 2025-01-14 · CVE-2023-42243

CVSS v3.1: 5.4 (Medium)

Vector: AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N

Name of the Vulnerable Software and Affected Versions: Selesta Visual Access Manager versions prior to 4.42.2

Description: The issue allows an authenticated user to access the administrative page "/common/vam Sql.php", which permits arbitrary SQL queries. This can be exploited by sending queries to the vam Sql.php page, potentially allowing unauthorized data access or modification.

Recommendations: For versions prior to 4.42.2, update to version 4.42.2 or later to resolve the issue. As a temporary workaround, consider restricting access to the "/common/vam Sql.php" page to minimize the risk of exploitation.

Fix

SQL injection

Weakness Enumeration

Related Identifiers

CVE-2023-42243

Affected Products

Selesta Visual Access Manager