CVE-2025-48701

Name of the Vulnerable Software and Affected Versions openDCIM versions prior to 23.05

Description The issue allows SQL injection in people depts.php because prepared statements are not used. This could potentially lead to unauthorized access or manipulation of data.

Recommendations For openDCIM versions prior to 23.05, consider updating to a version that utilizes prepared statements to prevent SQL injection. As a temporary workaround, restrict access to the people depts.php file to minimize the risk of exploitation.