So Connect · Sol.Connect Iset-Mpp Meter · CVE-2017-11494
**Name of the Vulnerable Software and Affected Versions**
SOL.Connect ISET-mpp meter versions 1.2.4.2 and earlier
**Description**
The issue allows remote attackers to execute arbitrary SQL commands. This is achieved via the `user` parameter in a "login action".
**Recommendations**
For versions 1.2.4.2 and earlier, consider restricting access to the login action until a patch is available. As a temporary workaround, avoid using the `user` parameter in the affected login endpoint to minimize the risk of exploitation.