Name of the Vulnerable Software and Affected Versions:

deerwms deer-wms-2 versions 2.0 through 3.3

Description:

A critical issue exists in deerwms deer-wms-2. The vulnerability is due to a SQL injection flaw within an unknown function of the `/system/dept/edit` API endpoint. The `ancestors` parameter is susceptible to manipulation, potentially allowing for remote exploitation. The exploit has been publicly disclosed.

Recommendations:

Versions prior to 2.0 are not affected.

Versions 2.0 through 3.3: At the moment, there is no information about a newer version that contains a fix for this vulnerability.