Unknown · Sonic Shopfloor.Guide · CVE-2024-31961
**Name of the Vulnerable Software and Affected Versions**
Sonic Shopfloor.guide versions prior to 3.1.3
**Description**
A SQL injection issue in unit.php allows remote attackers to execute arbitrary SQL commands via the `level2` parameter. This enables attackers to manipulate database queries, potentially leading to unauthorized data access or modification.
**Recommendations**
For versions prior to 3.1.3, update to version 3.1.3 or later to resolve the issue. As a temporary workaround, consider restricting access to the `unit.php` file or validating and sanitizing the `level2` parameter to prevent malicious input.