CVE-2018-11414

Name of the Vulnerable Software and Affected Versions BearAdmin version 0.5

Description An issue was discovered in BearAdmin where there is a SQL injection vulnerability due to the improper construction of a MySQL query in the admincontrollerAdminLog.php file. This occurs when the user id parameter is used in the admin/admin log/index.html endpoint.

Recommendations For BearAdmin version 0.5, avoid using the user id parameter in the admin/admin log/index.html endpoint until the issue is resolved. As a temporary workaround, consider restricting access to the admincontrollerAdminLog.php file to minimize the risk of exploitation.