
Divzeronz

Researcher from Division Zero
#15382 of 53,624
17.6 Total CVSS
Vulnerabilities · 2
High: 2
PT-2020-13344
8.8
2020-09-09
Loway · Queuemetrics · CVE-2020-13127
**Name of the Vulnerable Software and Affected Versions** Loway QueueMetrics versions prior to 19.04.1

**Description** A SQL injection issue exists at the tpf URI, allowing remote authenticated attackers to execute arbitrary SQL commands via the `TASKS LIST pt.querystring` parameter.

**Recommendations** For versions prior to 19.04.1, update to version 19.04.1 or later to resolve the issue. As a temporary workaround, consider restricting access to the tpf URI to minimize the risk of exploitation. Avoid using the `TASKS LIST pt.querystring` parameter in the affected URI until the issue is resolved.

PT-2020-14729
8.8
2020-08-13
Loway · Queuemetrics · CVE-2020-15947
**Name of the Vulnerable Software and Affected Versions** Loway QueueMetrics versions prior to 19.10.21

**Description** A SQL injection issue allows remote authenticated users to execute arbitrary SQL commands via the `exportId` parameter in the "qm adm/qm export stats run.do" endpoint.

**Recommendations** For versions prior to 19.10.21, update to version 19.10.21 or later to resolve the issue. As a temporary workaround, consider restricting access to the "qm adm/qm export stats run.do" endpoint until the update is applied. Avoid using the `exportId` parameter in the affected endpoint until the issue is resolved.