Shipanoo

**Name of the Vulnerable Software and Affected Versions** todesk version 1.1 **Description** The issue allows a remote attacker to execute arbitrary code. This is achieved via the "/todesk.com/news.html" API endpoint, where a parameter is vulnerable to SQL injection. No information is provided about the estimated number of potentially affected devices or real-world incidents. **Recommendations** For todesk version 1.1, update to a version that fixes the SQL injection issue, if available. As a temporary workaround, consider restricting access to the "/todesk.com/news.html" API endpoint to minimize the risk of exploitation. Avoid using vulnerable parameters in this endpoint until the issue is resolved.