Syspass · Syspass · CVE-2015-6516
**Name of the Vulnerable Software and Affected Versions**
sysPass versions 1.0.9 and earlier
**Description**
The issue allows remote authenticated users to execute arbitrary SQL commands. This is achieved via the `search` parameter to the "ajax/ajax search.php" API endpoint.
**Recommendations**
For sysPass versions 1.0.9 and earlier, update to a version later than 1.0.9 to resolve the issue.