Shain L

**Name of the Vulnerable Software and Affected Versions** Mumara Classic versions through 2.93 **Description** A SQL injection issue in the license update.php file allows a remote unauthenticated attacker to execute arbitrary SQL commands via the `license` parameter. This enables the attacker to manipulate database queries, potentially leading to unauthorized data access or modification. **Recommendations** For Mumara Classic versions through 2.93, update to a version that includes a fix for this issue. As a temporary workaround, consider restricting access to the license update.php file to minimize the risk of exploitation. Avoid using the `license` parameter in the affected API endpoint until the issue is resolved.