N3Wb0Ss

**Name of the Vulnerable Software and Affected Versions** TekBase All-in-One version 3.1 **Description** The issue allows remote authenticated users to execute arbitrary SQL commands. This can be achieved via the `ids` parameter to "admin.php" and the `y` parameter to "members.php". One of the vectors requires administrative access. **Recommendations** For version 3.1, consider restricting access to the "admin.php" and "members.php" scripts until a patch is available. As a temporary workaround, avoid using the `ids` and `y` parameters in the affected API endpoints.