Alice2014

**Name of the Vulnerable Software and Affected Versions** 07FLY CRM V2 **Description** A critical issue has been found in the Administrator Login Page component, specifically affecting the /index.php/sysmanage/Login/login auth/ file. The manipulation of the `account` argument leads to SQL injection. This issue can be exploited remotely. **Recommendations** For 07FLY CRM V2, as a temporary workaround, consider restricting access to the /index.php/sysmanage/Login/login auth/ file until a patch is available. Avoid using the `account` argument in the affected login functionality to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this issue.