28Ara
CVE-2023-7145 | gopeak MasterLab up to 3.3.10 HTTP POST Request app/ctrl/Framework.php sqlInject pwd sql injection
A vulnerability classified as critical was found in gopeak MasterLab up to 3.3.10. This vulnerability affects the functionsqlInject
of the file app/ctrl/Framework.php of the component HTTP POST Request Handler. The manipulation of the argument pwd leads to sql injection.
This vulnerability was named CVE-2023-7145. The attack needs to be initiated within the local network. Furthermore, there is an exploit available.