CVE-2023-7145 | gopeak MasterLab up to 3.3.10 HTTP POST Request app/ctrl/Framework.php sqlInject pwd sql injection

CVE-2023-7145 | gopeak MasterLab up to 3.3.10 HTTP POST Request app/ctrl/Framework.php sqlInject pwd sql injection

A vulnerability classified as critical was found in gopeak MasterLab up to 3.3.10. This vulnerability affects the function sqlInject of the file app/ctrl/Framework.php of the component HTTP POST Request Handler. The manipulation of the argument pwd leads to sql injection. This vulnerability was named CVE-2023-7145. The attack needs to be initiated within the local network. Furthermore, there is an exploit available.