CVE-2023-42248

Name of the Vulnerable Software and Affected Versions Selesta Visual Access Manager (VAM) versions prior to 4.42.2

Description An issue was discovered in Selesta Visual Access Manager (VAM) where an authenticated attacker can write arbitrary files by manipulating POST parameters of the page "common/vam Sql.php".

Recommendations For versions prior to 4.42.2, update to version 4.42.2 or later to resolve the issue. As a temporary workaround, consider restricting access to the "common/vam Sql.php" page until a patch is available. Avoid using manipulated POST parameters in the affected page until the issue is resolved.