Salmanooh

**Name of the Vulnerable Software and Affected Versions** Loki download manager version 2.0 **Description** The issue allows remote attackers to execute arbitrary SQL commands. This can be achieved via the `password` field to the "default.asp" endpoint or the `cat` parameter to the "catinfo.asp" endpoint. **Recommendations** For Loki download manager version 2.0, consider restricting access to the "default.asp" and "catinfo.asp" endpoints until a patch is available. As a temporary workaround, avoid using the `password` field in the "default.asp" endpoint and the `cat` parameter in the "catinfo.asp" endpoint to minimize the risk of exploitation.