Alireza Hasani

Researcher from BugReport Security Research & Penetration Testing Group
Rank #34618 of 53,633
Total CVSS: 7.5
Vulnerabilities · 1
PT-2007-6980
7.5
2007-11-21
Skyportal · Skyportal · CVE-2007-6078
**Name of the Vulnerable Software and Affected Versions**

SkyPortal version RC6

**Description**

The issue allows remote attackers to execute arbitrary SQL commands. This can be achieved via unspecified parameters to several API endpoints, including (1) "nc top.asp", (2) "inc bookmarks.asp", possibly involving a parameter passed from "cp main.asp", (3) "inc profile functions.asp", or (4) "inc SUBSCRIPTIONS.asp". Additionally, the `Avatar URL`, `LINK1`, or `LINK2` parameter to "cp main.asp" in an EditIt action can be exploited.

**Recommendations**

For SkyPortal version RC6, consider restricting access to the vulnerable API endpoints "nc top.asp", "inc bookmarks.asp", "inc profile functions.asp", "inc SUBSCRIPTIONS.asp", and "cp main.asp" until a patch is available. As a temporary workaround, avoid using the `Avatar URL`, `LINK1`, and `LINK2` parameters in the "cp main.asp" endpoint with an EditIt action.