Damstra · Damstra Smart Asset · CVE-2020-26525
**Name of the Vulnerable Software and Affected Versions**
Damstra Smart Asset version 2020.7
**Description**
Damstra Smart Asset is vulnerable to SQL injection through the `originator` parameter of the "API/api/Asset" endpoint. An attacker can use the injection to force the database and server to initiate remote connections to third-party DNS servers.
**Recommendations**
For Damstra Smart Asset version 2020.7, as a temporary workaround, consider restricting access to the "API/api/Asset" endpoint until a patch is available. Avoid using the `originator` parameter in this endpoint to minimize the risk of exploitation.
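
To support the workaround above, the following added example (not part of the advisory or of Damstra's code) reviews web access logs for requests to the endpoint that carry the `originator` parameter. It assumes combined-format access logs and that the parameter travels in the query string; the value allow-list, the `id` parameter and the sample log lines are constructed for illustration.

```python
import re
from urllib.parse import urlsplit, parse_qs

ENDPOINT = "/api/api/asset"   # "API/api/Asset" from the advisory, compared in lower case
PARAM = "originator"          # parameter named in the advisory
# Assumption: legitimate originator values are short identifiers.
SAFE_VALUE = re.compile(r"[A-Za-z0-9_.@-]{1,64}")
# Request part of a combined-format access log line: "METHOD target HTTP/x.y"
REQUEST = re.compile(r'"(?P<method>[A-Z]+) (?P<target>\S+) HTTP/[\d.]+"')

# Constructed sample lines (documentation IP ranges, not real traffic).
SAMPLE_LOG = [
    '198.51.100.7 - - [01/Oct/2020:10:00:01 +0000] "GET /API/api/Asset?id=12 HTTP/1.1" 200 512',
    '198.51.100.7 - - [01/Oct/2020:10:00:05 +0000] "GET /API/api/Asset?originator=jsmith HTTP/1.1" 200 498',
    '203.0.113.9 - - [01/Oct/2020:10:02:11 +0000] "GET /api/API/asset?Originator=a%27%20b HTTP/1.1" 500 0',
    '203.0.113.9 - - [01/Oct/2020:10:02:15 +0000] "GET /index.html?originator=x HTTP/1.1" 200 100',
]

def review(lines):
    """Return (line_no, client, verdict, value) for endpoint requests using the parameter."""
    findings = []
    for no, line in enumerate(lines, 1):
        match = REQUEST.search(line)
        if not match:
            continue  # not a parseable request line
        url = urlsplit(match.group("target"))
        if ENDPOINT not in url.path.lower():
            continue  # some other resource
        # parse_qs percent-decodes values; fold key case so "Originator" is caught too.
        query = parse_qs(url.query, keep_blank_values=True)
        params = {key.lower(): values for key, values in query.items()}
        for value in params.get(PARAM, []):
            if SAFE_VALUE.fullmatch(value):
                verdict = "uses-parameter"         # still in use despite the workaround
            else:
                verdict = "unexpected-characters"  # review this request first
            findings.append((no, line.split()[0], verdict, value))
    return findings

if __name__ == "__main__":
    for finding in review(SAMPLE_LOG):
        print(finding)
```

Requests that send the parameter in a POST body do not appear in a standard access log, so a clean result here does not rule out use of the parameter.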