CVE-2023-42244

Name of the Vulnerable Software and Affected Versions Selesta Visual Access Manager (VAM) versions prior to 4.42.2

Description An issue was discovered in Selesta Visual Access Manager (VAM) where an authenticated attacker can perform SQL Injection in multiple POST parameters of the "/vam/vam visits.php" API endpoint. The POST parameters are vulnerable to this type of attack.

Recommendations For versions prior to 4.42.2, update to version 4.42.2 or later to resolve the issue. As a temporary workaround, consider restricting access to the "/vam/vam visits.php" API endpoint to minimize the risk of exploitation.