Dudirectory · Directory-Pro · CVE-2006-6455
**Name of the Vulnerable Software and Affected Versions**
DUdirectory version 3.1
DUdirectory Pro versions 3.x
DUdirectory Pro SQL versions 3.x
**Description**
A SQL injection vulnerability in the admin/default.asp file allows remote attackers to execute arbitrary SQL commands through the `Username` or `Password` parameter.
**Recommendations**
For DUdirectory version 3.1, update the admin/default.asp file to properly sanitize the `Username` and `Password` parameters.
For DUdirectory Pro versions 3.x, restrict access to the admin/default.asp file until a patch is available to fix the SQL injection issue.
For DUdirectory Pro SQL versions 3.x, consider disabling the `Username` and `Password` parameters in the admin/default.asp file as a temporary workaround until a fix is released.
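
One way to apply the sanitization recommendation, shown as an added example and not DUdirectory's own code: a Classic ASP login check that binds `Username` and `Password` as ADO command parameters instead of building the SQL text from them. The table and column names, the connection-string location, the session flag, the length limits and the use of form fields are assumptions.

```asp
<%@ Language="VBScript" %>
<%
Option Explicit

' ADO constants (values as defined in adovbs.inc)
Const adCmdText = 1
Const adParamInput = 1
Const adVarWChar = 202

' Assumed limits; match them to the real column sizes.
Const MAX_USER_LEN = 50
Const MAX_PASS_LEN = 50

' Returns True only when exactly one admin row matches both values.
' ADMINS, ADMIN_USER and ADMIN_PASS are hypothetical names, and the
' in-SQL password comparison assumes the legacy schema stores it that way.
Function IsValidAdminLogin(conn, userName, pass)
    Dim cmd, rs
    IsValidAdminLogin = False

    ' Reject empty or oversized input before touching the database.
    If Len(userName) = 0 Or Len(userName) > MAX_USER_LEN Then Exit Function
    If Len(pass) = 0 Or Len(pass) > MAX_PASS_LEN Then Exit Function

    Set cmd = Server.CreateObject("ADODB.Command")
    Set cmd.ActiveConnection = conn
    cmd.CommandType = adCmdText
    ' The SQL text is constant; user input is bound as data, never parsed as SQL.
    cmd.CommandText = "SELECT COUNT(*) FROM ADMINS WHERE ADMIN_USER = ? AND ADMIN_PASS = ?"
    cmd.Parameters.Append cmd.CreateParameter("u", adVarWChar, adParamInput, MAX_USER_LEN, userName)
    cmd.Parameters.Append cmd.CreateParameter("p", adVarWChar, adParamInput, MAX_PASS_LEN, pass)

    Set rs = cmd.Execute
    If Not rs.EOF Then IsValidAdminLogin = (rs(0) = 1)
    rs.Close
    Set rs = Nothing
    Set cmd = Nothing
End Function

Dim conn
Set conn = Server.CreateObject("ADODB.Connection")
conn.Open Application("ConnString")            ' hypothetical connection-string location

' & "" coerces a missing field to an empty string, which the function rejects.
If IsValidAdminLogin(conn, Request.Form("Username") & "", Request.Form("Password") & "") Then
    Session("AdminAuthenticated") = True       ' hypothetical session flag
Else
    Response.Status = "401 Unauthorized"
End If
conn.Close
Set conn = Nothing
%>
```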