PT-2026-2430 · Unknown · Workorder Cms

Chokri Hammedi · Published 2026-01-13 · Updated 2026-01-14 · CVE-2023-54340

CVSS v3.1: 8.2 (High)
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:N

Name of the Vulnerable Software and Affected Versions

WorkOrder CMS version 0.1.0

Description

WorkOrder CMS version 0.1.0 has a SQL injection issue. An unauthenticated attacker can bypass login by manipulating the username and password parameters. Attackers can inject malicious SQL queries, such as 'OR 1=1' and stacked queries, to gain access to database information or execute administrative commands. The vulnerable parameters are used in a SQL query without proper sanitization.

Recommendations

Update to a newer version that contains a fix for this vulnerability. As a temporary workaround, sanitize the username and password parameters before using them in SQL queries.
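
Added example (not WorkOrder CMS code and not part of the original advisory): a login check that concatenates request input into the query text, beside one that binds the username as a parameter and verifies the password hash in application code, so neither field can change the statement. The table layout, function names and sample inputs are assumptions constructed for illustration, using Python's sqlite3 module.

```python
import hashlib
import hmac
import os
import sqlite3

def hash_pw(password: str, salt: bytes) -> str:
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000).hex()

def make_db() -> sqlite3.Connection:
    # Constructed in-memory table; hypothetical schema, not WorkOrder CMS's own.
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE users (username TEXT PRIMARY KEY, salt BLOB, pw_hash TEXT)")
    salt = os.urandom(16)
    db.execute("INSERT INTO users VALUES (?, ?, ?)",
               ("admin", salt, hash_pw("correct horse", salt)))
    return db

def login_concat(db, username: str, password: str) -> bool:
    # Flawed pattern from the description: request input pasted into the SQL text.
    sql = ("SELECT 1 FROM users WHERE username = '" + username +
           "' AND pw_hash = '" + password + "'")
    return db.execute(sql).fetchone() is not None

def login_bound(db, username: str, password: str) -> bool:
    # Placeholder binding: the driver sends username as a value, never as SQL.
    row = db.execute("SELECT salt, pw_hash FROM users WHERE username = ?",
                     (username,)).fetchone()
    if row is None:
        return False
    # The password never reaches the query; it is hashed and compared in code.
    return hmac.compare_digest(hash_pw(password, row[0]), row[1])

# Constructed inputs modelled on the advisory's "OR 1=1" and stacked-query cases.
TAUTOLOGY = "' OR 1=1 -- "
STACKED = "admin'; DROP TABLE users; -- "

def user_count(db) -> int:
    return db.execute("SELECT COUNT(*) FROM users").fetchone()[0]

if __name__ == "__main__":
    db = make_db()
    print("concat, tautology:", login_concat(db, TAUTOLOGY, "x"))
    print("bound, tautology: ", login_bound(db, TAUTOLOGY, "x"))
    print("bound, stacked:   ", login_bound(db, STACKED, "x"), user_count(db))
    print("bound, valid:     ", login_bound(db, "admin", "correct horse"))
```

With bound parameters the quote characters in both inputs are compared as literal username text, so the lookup finds no row and the table is left intact.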

Exploit

Fix

SQL injection

Weakness Enumeration

Related Identifiers: CVE-2023-54340

Affected Products: Workorder Cms