CVE-2019-19016

Name of the Vulnerable Software and Affected Versions TitanHQ WebTitan versions prior to 5.18

Description An issue was discovered in the administration interface of the software, where some functions, such as the "history-x.php" endpoint, are susceptible to SQL Injection through the results parameter. This could allow an attacker to extract sensitive information from the appliance database.

Recommendations For versions prior to 5.18, update to version 5.18 or later to resolve the issue. As a temporary workaround, consider restricting access to the "history-x.php" endpoint and avoiding the use of the results parameter until the issue is resolved.