Status Update Request: Unauthorized User Creation and SQL Injection Vulnerability in Chatwoot

[stichtingpleio]

We previously reported a critical vulnerability in Chatwoot that allows unauthorized users to create accounts. These accounts can then be used to perform an SQL injection, enabling the extraction of all data from the database.

We understand that you are aware of this issue and are working on a fix. Could you please provide us with an update on the status of the resolution and an estimated timeline for the fix?

If the resolution takes too long, we may need to explore the possibility of addressing this issue ourselves.

We appreciate your prompt attention to this matter and look forward to your update.

M Ziemeirnk