Anna Sidorova

Researcher from AWILLIX LLC
#13678 of 53,633
19.6 Total CVSS
Vulnerabilities · 2
Critical
2
PT-2021-18650
9.8
2021-04-13
Unknown · Zerof Web Server · CVE-2021-30175
**Name of the Vulnerable Software and Affected Versions**

ZEROF Web Server version 1.0 (April 2021)

**Description**

The issue allows SQL Injection via the "HandleEvent" endpoint for the login page.

**Recommendations**

For ZEROF Web Server version 1.0 (April 2021), update the software to prevent SQL injection attacks, specifically focusing on securing the /HandleEvent endpoint for the login page.

PT-2021-18651
9.8
2021-04-13
Unknown · Zerof Expert Pro · CVE-2021-30176
**Name of the Vulnerable Software and Affected Versions**

ZEROF Expert pro version 2.0

**Description**

The issue allows SQL Injection via the `Authorization` header to the "/v2/devices/add" endpoint.

**Recommendations**

For version 2.0, update the application to prevent SQL injection attacks, specifically by validating and sanitizing the `Authorization` header in the "/v2/devices/add" endpoint. As a temporary workaround, consider restricting access to the "/v2/devices/add" endpoint until a patch is available.