Mrbs · Mrbs · CVE-2008-4620
**Name of the Vulnerable Software and Affected Versions**
Meeting Room Booking System (MRBS) versions prior to 1.4
**Description**
The issue is a SQL injection: remote attackers can execute arbitrary SQL commands via the `area` parameter to API endpoints such as "month.php", and possibly "day.php" and "week.php".
**Recommendations**
Update installations running a version prior to 1.4 to version 1.4 or later to resolve the issue. As a temporary workaround, consider restricting access to the "month.php", "day.php", and "week.php" API endpoints until the update can be applied. Avoid using the `area` parameter in these affected API endpoints until the issue is resolved.
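While the workaround is in place, web server logs can be reviewed for requests to the affected endpoints that carry an unexpected `area` value. The following Python is an added example, not code from MRBS or from the original advisory; it assumes combined-format access logs and that a legitimate `area` value is a short decimal ID, and its sample log lines are constructed.

```python
import re
from urllib.parse import urlsplit, parse_qs

# Endpoints named in the advisory.
AFFECTED_PAGES = {"month.php", "day.php", "week.php"}

# Assumption: a legitimate `area` value is a short decimal ID.
VALID_AREA = re.compile(r"[0-9]{1,10}")

# Request line inside a combined-format access log entry (assumed format).
REQUEST_RE = re.compile(r'"(?:GET|POST|HEAD) (\S+) HTTP/[0-9.]+"')


def suspicious_area_values(log_line):
    """Return the `area` values in log_line that are not plain integers."""
    match = REQUEST_RE.search(log_line)
    if not match:
        return []
    url = urlsplit(match.group(1))
    page = url.path.rsplit("/", 1)[-1].lower()
    if page not in AFFECTED_PAGES:
        return []
    # parse_qs percent-decodes values; keep_blank_values keeps an empty `area=`.
    params = parse_qs(url.query, keep_blank_values=True)
    return [v for v in params.get("area", []) if not VALID_AREA.fullmatch(v)]


def scan(lines):
    """Return (line_number, values) for each line with a non-numeric `area`."""
    hits = []
    for number, line in enumerate(lines, 1):
        values = suspicious_area_values(line)
        if values:
            hits.append((number, values))
    return hits


# Constructed sample log lines (not taken from a real server).
SAMPLE_LOG = [
    '192.0.2.10 - - [01/Jan/2009:10:00:00 +0000] "GET /mrbs/month.php?year=2009&area=2 HTTP/1.1" 200 5120',
    '192.0.2.44 - - [01/Jan/2009:10:00:05 +0000] "GET /mrbs/month.php?area=1%27 HTTP/1.1" 200 5120',
    '192.0.2.44 - - [01/Jan/2009:10:00:09 +0000] "GET /mrbs/help.php?area=x HTTP/1.1" 200 900',
]

if __name__ == "__main__":
    for number, values in scan(SAMPLE_LOG):
        print(f"line {number}: non-numeric area value(s): {values}")
```

Access logs record only the query string, so an `area` value sent in a POST body is not visible to this check.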