Tt Rss · Tiny Tiny Rss · CVE-2017-16896
**Name of the Vulnerable Software and Affected Versions**
Tiny Tiny RSS version 17.4
**Description**
A SQL injection issue exists in the forgotpass component of Tiny Tiny RSS via the `login` parameter in the classes/handler/public.php file.
**Recommendations**
For Tiny Tiny RSS version 17.4, update to a newer version that contains a fix for this issue.