Stilpu

**Name of the Vulnerable Software and Affected Versions** MyReview version 1.9.4 **Description** The issue allows remote attackers to execute arbitrary SQL commands. This is achieved via the `email` parameter to the "Admin.php" endpoint. The vulnerability is specifically located in the `GetMember` function in "functions.php". **Recommendations** For MyReview version 1.9.4, consider restricting access to the `GetMember` function in "functions.php" to minimize the risk of exploitation. Avoid using the `email` parameter in the "Admin.php" endpoint until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.