Mpex Business Solutions · Mx-Smarttimer · CVE-2014-5440
**Name of the Vulnerable Software and Affected Versions**
MPEX Business Solutions MX-SmartTimer versions prior to 13.19.18
**Description**
The issue allows remote attackers to execute arbitrary SQL commands. This is achieved via the `ct100$CPHContent$password` parameter in the Login.aspx file.
**Recommendations**
For versions prior to 13.19.18, update to version 13.19.18 or later to resolve the issue.