Phpwebthings · Phpwebthings · CVE-2005-3676
**Name of the Vulnerable Software and Affected Versions**
PhpWebThings version 1.4.4
**Description**
A SQL injection issue in the "download.php" API endpoint allows remote attackers to execute arbitrary SQL commands via the `file` parameter.
**Recommendations**
For PhpWebThings version 1.4.4, consider restricting access to the `download.php` endpoint until a patch is available, and avoid using the `file` parameter to minimize the risk of exploitation.
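
While access to the endpoint is being restricted, existing web server logs can be reviewed for requests that already targeted the `file` parameter. The Python script below is an added example, not part of the original advisory or of PhpWebThings. It assumes combined-format access logs, that `file` arrives in the query string, and that legitimate values are short identifiers. The allowlist and the sample log lines are constructed for illustration.

```python
import re
from urllib.parse import urlsplit, parse_qs, unquote

# Assumption: legitimate `file` values are short identifiers. Adjust to the
# values your installation actually serves.
SAFE_VALUE = re.compile(r"[A-Za-z0-9._-]{1,64}")
# Client IP, request line and status code from a combined-format log line.
REQUEST = re.compile(
    r'^(?P<ip>\S+) .*?"(?P<method>[A-Z]+) (?P<target>\S+) HTTP/[\d.]+" (?P<status>\d{3})'
)

def suspicious_file_values(target):
    """Return decoded `file` values of a download.php request that fail the allowlist."""
    parts = urlsplit(target)
    if not parts.path.lower().endswith("/download.php"):
        return []
    flagged = []
    # parse_qs decodes once; the extra unquote exposes double-encoded input.
    for value in parse_qs(parts.query, keep_blank_values=True).get("file", []):
        decoded = unquote(value)
        if not SAFE_VALUE.fullmatch(decoded):
            flagged.append(decoded)
    return flagged

def scan(lines):
    """Return (client_ip, status, decoded_value) for every flagged request."""
    hits = []
    for line in lines:
        m = REQUEST.match(line)
        if not m:
            continue  # not a parseable request line
        for value in suspicious_file_values(m["target"]):
            hits.append((m["ip"], m["status"], value))
    return hits

# Constructed sample log lines (documentation IP ranges, not real traffic).
SAMPLE_LOG = [
    '192.0.2.10 - - [01/Jan/2024:10:00:00 +0000] "GET /download.php?file=12 HTTP/1.1" 200 5120',
    '198.51.100.7 - - [01/Jan/2024:10:00:05 +0000] "GET /download.php?file=12%27 HTTP/1.1" 500 310',
    '198.51.100.7 - - [01/Jan/2024:10:00:09 +0000] "GET /download.php?file=12%2527 HTTP/1.1" 200 298',
    '192.0.2.10 - - [01/Jan/2024:10:00:12 +0000] "GET /index.php?file=12%27 HTTP/1.1" 200 900',
]

if __name__ == "__main__":
    for ip, status, value in scan(SAMPLE_LOG):
        print(f"{ip} status={status} file={value!r}")
```

Parameters sent in a POST body do not appear in access logs, so this review covers query-string requests only.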