Paolo Ferro

**Name of the Vulnerable Software and Affected Versions** AnteeoWMS versions prior to 4.7.34 **Description** A SQL injection issue in the login portal allows unauthenticated attackers to execute arbitrary SQL commands via the `username` parameter, potentially leading to the disclosure of some data in the underlying database. **Recommendations** For versions prior to 4.7.34, update to version 4.7.34 or later to resolve the issue. As a temporary workaround, consider restricting access to the login portal or validating and sanitizing the `username` parameter to minimize the risk of exploitation.