Fit2Cloud · Fit2Cloud Rackshift · CVE-2023-42405
**Name of the Vulnerable Software and Affected Versions**
FIT2CLOUD RackShift version 1.7.1
**Description**
The `sort` parameter accepted by the taskService.list(), bareMetalService.list(), and switchService.list() API endpoints is used in database queries without adequate validation. An attacker who controls this parameter can inject arbitrary SQL into those queries (SQL injection), compromising the security of the system.
**Recommendations**
For FIT2CLOUD RackShift version 1.7.1, disable or avoid using the `sort` parameter in the taskService.list(), bareMetalService.list(), and switchService.list() functions until a patch is available, and restrict access to these API endpoints to minimize the risk of exploitation.
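The vulnerability class described above, shown as an added example that is not RackShift's code: a list endpoint whose `sort` value is spliced straight into an `ORDER BY` clause, beside a hardened version that allowlists the column and direction. The table, column names and rows are constructed for the demonstration; ORDER BY targets cannot be bound as query parameters, so validation against a fixed allowlist is the usual fix.

```python
import sqlite3

# Constructed allowlist for this example; a real service would list the
# columns its list() endpoint is actually allowed to sort on.
ALLOWED_SORT_COLUMNS = {"id", "name", "create_time"}
ALLOWED_DIRECTIONS = {"asc", "desc"}


def list_tasks_unsafe(conn, sort):
    """Vulnerable pattern: the caller-supplied sort string becomes part of
    the SQL statement, so any expression the database accepts is evaluated."""
    return conn.execute(f"SELECT id, name FROM task ORDER BY {sort}").fetchall()


def validate_sort(sort):
    """Allowlist check: accept only '<column>' or '<column> asc|desc'
    and return a canonical ORDER BY fragment; reject everything else."""
    parts = sort.strip().split()
    if not 1 <= len(parts) <= 2:
        raise ValueError(f"rejected sort parameter: {sort!r}")
    column = parts[0].lower()
    direction = parts[1].lower() if len(parts) == 2 else "asc"
    if column not in ALLOWED_SORT_COLUMNS or direction not in ALLOWED_DIRECTIONS:
        raise ValueError(f"rejected sort parameter: {sort!r}")
    return f"{column} {direction.upper()}"


def list_tasks_safe(conn, sort):
    """Hardened pattern: only an allowlisted, canonicalised fragment reaches SQL."""
    order_by = validate_sort(sort)
    return conn.execute(f"SELECT id, name FROM task ORDER BY {order_by}").fetchall()


def make_demo_db():
    """Constructed in-memory table standing in for the service's task list."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE task (id INTEGER, name TEXT, create_time TEXT)")
    conn.executemany(
        "INSERT INTO task VALUES (?, ?, ?)",
        [(1, "cleanup", "2023-01-01"), (2, "deploy", "2023-02-01"),
         (3, "audit", "2023-03-01")],
    )
    return conn


if __name__ == "__main__":
    db = make_demo_db()
    print(list_tasks_safe(db, "name desc"))
    for bad in ("length(name)", "name; drop table task", "name,id"):
        try:
            validate_sort(bad)
        except ValueError as err:
            print(err)
```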