
Alex Lauerman

Researcher from TrustFoundry
Rank: #18057 of 53,632
Total CVSS: 15
Vulnerabilities: 2 (High: 2)
PT-2015-7292 · CVSS 7.5 · 2015-12-27
Epiphany · Epiphany Cardio Server · CVE-2015-6537

**Name of the Vulnerable Software and Affected Versions:** Epiphany Cardio Server version 3.3

**Description:** The issue allows remote attackers to execute arbitrary SQL commands via a crafted URL, specifically through a SQL injection vulnerability in the login page.

**Recommendations:** For Epiphany Cardio Server version 3.3, update to a version that includes a fix for the SQL injection vulnerability in the login page, or, as a temporary workaround, consider restricting access to the login page to minimize the risk of exploitation.
PT-2015-7293 · CVSS 7.5 · 2015-12-27
Epiphany · Epiphany Cardio Server · CVE-2015-6538

**Name of the Vulnerable Software and Affected Versions:** Epiphany Cardio Server versions 3.3 through 4.1

**Description:** The issue concerns the mishandling of authentication requests on the login page, allowing remote attackers to conduct LDAP injection attacks. This enables attackers to bypass intended access restrictions by using a crafted URL.

**Recommendations:** For versions 3.3 through 4.1, consider temporarily restricting access to the login page until a patch is available. As a mitigation measure, restrict the use of LDAP authentication to minimize the risk of exploitation.