Talariax · Talariax Sendquick Alert Plus Server Admin · CVE-2021-26795
**Name of the Vulnerable Software and Affected Versions**
TalariaX sendQuick Alert Plus Server Admin version 4.3 before 8HF11
**Description**
A SQL Injection issue in the `/appliance/shiftmgn.php` endpoint allows attackers to obtain sensitive information via a Roster Time to Roster Management.
**Recommendations**
For TalariaX sendQuick Alert Plus Server Admin version 4.3 before 8HF11, update to a version that includes the fix for this issue, specifically 8HF11 or later.
As a temporary workaround, consider restricting access to the `/appliance/shiftmgn.php` endpoint until a patch is available.