Crashfix · Crashfix · CVE-2018-20508
**Name of the Vulnerable Software and Affected Versions**
CrashFix version 1.0.4
**Description**
CrashFix 1.0.4 is vulnerable to SQL injection via the `User[status]` parameter. The issue involves `actionIndex` in `UserController.php` and the `search()` function in `protected\models\User.php`.
**Recommendations**
For CrashFix version 1.0.4, consider restricting access to the `User[status]` parameter to minimize the risk of exploitation. As a temporary workaround, avoid using the `search()` function in `protected\models\User.php` until a patch is available.
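
One way to handle a `User[status]` filter defensively, as an added example that is not CrashFix code: the value is checked against an allow-list and reaches the query only as a typed bound parameter. The `users` table, the allow-list values, and the functions `parseStatusFilter` and `searchUsers` are assumptions, and plain PDO with in-memory SQLite stands in for the application's own data layer.

```php
<?php
// Added example: hypothetical names and schema, not CrashFix code.
const ALLOWED_STATUSES = [1, 2]; // constructed values; the page does not list the real ones
// Returns a validated status, null when no filter was sent, or throws.
function parseStatusFilter(array $request): ?int
{
    $raw = $request['User']['status'] ?? null;
    if ($raw === null || $raw === '') {
        return null;
    }
    // Arrays (User[status][]=...) and anything that is not all digits are refused.
    if (!is_string($raw) || !ctype_digit($raw)) {
        throw new InvalidArgumentException('status must be a decimal integer');
    }
    $status = (int) $raw;
    if (!in_array($status, ALLOWED_STATUSES, true)) {
        throw new InvalidArgumentException('unknown status value');
    }
    return $status;
}

// The value only ever reaches the database as a typed bound parameter.
function searchUsers(PDO $db, ?int $status): array
{
    $sql = 'SELECT username FROM users';
    if ($status !== null) {
        $sql .= ' WHERE status = :status';
    }
    $stmt = $db->prepare($sql . ' ORDER BY username');
    if ($status !== null) {
        $stmt->bindValue(':status', $status, PDO::PARAM_INT);
    }
    $stmt->execute();
    return $stmt->fetchAll(PDO::FETCH_COLUMN);
}

// Constructed sample data in an in-memory SQLite database.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE users (username TEXT, status INTEGER)');
$db->exec("INSERT INTO users VALUES ('alice', 1), ('bob', 2), ('carol', 1)");
foreach (['1', '', '1 OR 1=1', '9'] as $value) { // constructed request values
    try {
        $rows = searchUsers($db, parseStatusFilter(['User' => ['status' => $value]]));
        echo json_encode($value), ' -> ', implode(',', $rows), PHP_EOL;
    } catch (InvalidArgumentException $e) {
        echo json_encode($value), ' -> rejected: ', $e->getMessage(), PHP_EOL;
    }
}
```

Rejections raised by the validator are also a useful signal to log, since a legitimate status filter never produces them.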