Cloudboot · Cloudboot · CVE-2019-16999
**Name of the Vulnerable Software and Affected Versions**
CloudBoot versions prior to 2019-03-08
**Description**
The issue allows for SQL Injection via a crafted Status field in JSON data to the "api/osinstall/v1/device/getNumByStatus" URI.
**Recommendations**
For CloudBoot versions prior to 2019-03-08, consider restricting access to the "api/osinstall/v1/device/getNumByStatus" URI until a patch is available. As a temporary workaround, do not accept crafted Status fields in JSON data sent to this URI, to minimize the risk of exploitation.
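One way to apply the temporary workaround is an HTTP filter in front of the affected URI. The Go sketch below is an added example, not CloudBoot code; the names `GuardStatus`, `Check` and `statusOK` and the allowed Status pattern are assumptions, since the advisory does not list the valid Status values.

```go
package main

import (
	"bytes"
	"encoding/json"
	"fmt"
	"io"
	"net/http"
	"net/http/httptest"
	"regexp"
	"strings"
)

// guardedPath is the URI named in the advisory. statusOK is an assumption:
// the advisory lists no valid Status values, so only short tokens pass.
const guardedPath = "/api/osinstall/v1/device/getNumByStatus"

var statusOK = regexp.MustCompile(`^[A-Za-z0-9_]{1,32}$`)

// GuardStatus rejects requests to guardedPath unless the JSON Status field
// is a string matching statusOK; other paths pass through untouched.
func GuardStatus(next http.Handler) http.Handler {
	return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
		if strings.TrimRight(r.URL.Path, "/") == guardedPath {
			body, err := io.ReadAll(io.LimitReader(r.Body, 64<<10))
			var req struct{ Status *string } // non-string Status fails to decode
			if err != nil || json.Unmarshal(body, &req) != nil ||
				req.Status == nil || !statusOK.MatchString(*req.Status) {
				http.Error(w, "invalid Status", http.StatusBadRequest)
				return
			}
			r.Body = io.NopCloser(bytes.NewReader(body)) // restore for the real handler
		}
		next.ServeHTTP(w, r)
	})
}

// Check sends one constructed JSON body through the guard and returns the HTTP code.
func Check(body string) int {
	ok := http.HandlerFunc(func(w http.ResponseWriter, _ *http.Request) { w.WriteHeader(http.StatusOK) })
	rec := httptest.NewRecorder()
	req := httptest.NewRequest("POST", guardedPath, strings.NewReader(body))
	GuardStatus(ok).ServeHTTP(rec, req)
	return rec.Code
}

func main() {
	for _, b := range []string{`{"Status":"success"}`, `{"Status":"a'b"}`, `{"Status":1}`, `{}`} {
		fmt.Println(Check(b), b)
	}
}
```

A filter like this only narrows what reaches the endpoint while the vulnerable version is still deployed; the durable fix for SQL injection is parameterized queries in the application itself.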