
Giuseppe Iuculano

#34791 of 53,638
7.5 Total CVSS
Vulnerabilities · 1
PT-2010-4530
7.5
2010-10-12
Smbind · Smbind · CVE-2010-3076
**Name of the Vulnerable Software and Affected Versions**

smbind versions prior to 0.4.8

**Description**

The issue concerns a problem with the filter function in the smbind software, specifically in the php/src/include.php file. This problem allows remote attackers to conduct SQL injection attacks by exploiting the `username` parameter in the admin login page. The lack of anchoring in a certain regular expression enables attackers to execute arbitrary SQL commands.

**Recommendations**

For versions prior to 0.4.8, update to version 0.4.8 or later to resolve the issue. As a temporary workaround, consider restricting access to the admin login page to minimize the risk of exploitation. Avoid using the `username` parameter in the affected login functionality until the issue is resolved.