Tirreno · Tirreno · CVE-2025-55472
**Name of the Vulnerable Software and Affected Versions**
Tirreno version 0.9.5
**Description**
A SQL Injection issue exists in Tirreno version 0.9.5. The vulnerability is located in the `/admin/loadUsers` API endpoint, stemming from the unsafe handling of user-supplied input within the `columns[0][data]` parameter. This parameter is directly incorporated into SQL queries without adequate validation or parameterization.
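The flaw class described above, next to one way to close it, as an added example that is not Tirreno's code or its actual fix: a column name cannot be passed as a bound parameter, so it is resolved through a fixed allowlist, while values are bound. Apart from `columns[0][data]`, every name here is an assumption made for illustration: the DataTables-style `order[0][dir]`, `search[value]` and `length` parameters, the `users` table and its columns, the use of the parameter in `ORDER BY`, and `sqlite3` standing in for the real database.

```python
import sqlite3

# Hypothetical mapping: column keys the UI may send -> real SQL identifiers.
ALLOWED_COLUMNS = {"id": "id", "email": "email", "created": "created_at"}


def build_query_unsafe(params):
    # The pattern the advisory describes: request text becomes SQL text.
    return "SELECT id, email FROM users ORDER BY " + params["columns[0][data]"]


def build_query_safe(params):
    """Return (sql, binds). Raises ValueError for an unknown column key."""
    key = params.get("columns[0][data]", "id")
    if key not in ALLOWED_COLUMNS:
        raise ValueError(f"rejected column key: {key!r}")
    # Direction is chosen from two literals, never copied from the request.
    direction = "DESC" if params.get("order[0][dir]") == "desc" else "ASC"
    # Values (unlike identifiers) can be bound, so they never enter the SQL text.
    sql = ("SELECT id, email FROM users WHERE email LIKE ? "
           f"ORDER BY {ALLOWED_COLUMNS[key]} {direction} LIMIT ?")
    limit = min(max(int(params.get("length", 25)), 1), 100)
    return sql, (f"%{params.get('search[value]', '')}%", limit)


def load_users(conn, params):
    sql, binds = build_query_safe(params)
    return conn.execute(sql, binds).fetchall()


def demo_db():
    # Constructed sample data, held in memory only.
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (id INTEGER, email TEXT, created_at TEXT)")
    conn.executemany("INSERT INTO users VALUES (?, ?, ?)", [
        (1, "bob@example.com", "2025-01-02"),
        (2, "alice@example.com", "2025-01-01"),
    ])
    return conn


if __name__ == "__main__":
    conn = demo_db()
    print(load_users(conn, {"columns[0][data]": "created"}))
    try:
        load_users(conn, {"columns[0][data]": "email; --"})  # constructed input
    except ValueError as exc:
        print(exc)
```

Rejecting unknown keys with an error, rather than falling back to a default column, also gives the application a clean event to log when the parameter is tampered with.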
**Recommendations**
Update to a newer version that contains a fix for this issue. As a temporary workaround, restrict access to the `/admin/loadUsers` API endpoint.