
A.Kadir Altan

#36367 of 53,633
7.5 Total CVSS
Vulnerabilities · 1
PT-2012-3016
7.5
2012-02-08
Base · Basic Analysis/Security Engine · CVE-2012-1017
**Name of the Vulnerable Software and Affected Versions**

Basic Analysis and Security Engine (BASE) version 1.4.5

**Description**

The issue allows remote attackers to execute arbitrary SQL commands. This is achieved through SQL injection vulnerabilities in the `base_qry_main.php` file, specifically via the `ip_addr[0][1]`, `ip_addr[0][2]`, or `ip_addr[0][9]` parameters.

**Recommendations**

For Basic Analysis and Security Engine (BASE) version 1.4.5, consider restricting access to the `base_qry_main.php` file to minimize the risk of exploitation. Avoid using the `ip_addr[0][1]`, `ip_addr[0][2]`, and `ip_addr[0][9]` parameters in the affected API endpoint until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.