
Yilmaz Degirmenci

#25689de 53,639
9.8 CVSS total
Vulnerabilities · 1
PT-2026-22961
9.8
2026-03-04
Freesms · Freesms · CVE-2019-25506
**Name of the Vulnerable Software and Affected Versions**

FreeSMS version 2.1.2

**Description**

The software contains a boolean-based blind SQL injection issue in the `password` parameter of the login endpoint, `/pages/crc handler.php?method=login`. Because the endpoint is reachable without prior authentication, an unauthenticated attacker can inject SQL through this parameter to bypass authentication and log in as any known user, and can then change that user's password via the profile update function. The vulnerable parameter is `password`.

**Recommendations**

Update to a newer version that contains a fix for this vulnerability. As a temporary workaround, restrict access to the `/pages/crc handler.php?method=login` endpoint. Avoid using the `password` parameter in the affected API endpoint until the issue is resolved.