Tomy

**Name of the Vulnerable Software and Affected Versions** eolinker apinto-dashboard (affected versions not specified) **Description** A problematic issue affects the processing of the file /login, where the manipulation of the `callback` argument leads to an open redirect. This issue can be initiated remotely. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** IBAX go-ibax (affected versions not specified) **Description** A critical vulnerability has been found in IBAX go-ibax, affecting an unknown function of the file "/api/v2/open/tablesInfo". The manipulation leads to SQL injection, and it is possible to launch the attack remotely. The exploit has been disclosed to the public. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** IBAX go-ibax (affected versions not specified) **Description** A critical issue has been found in IBAX go-ibax, affecting some unknown functionality of the file "/api/v2/open/rowsInfo". The manipulation of the `table name` argument leads to SQL injection. The attack can be launched remotely. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** IBAX go-ibax (affected versions not specified) **Description** A critical issue was found in IBAX go-ibax, affecting the `/api/v2/open/rowsInfo` endpoint. The manipulation of the `order` argument leads to SQL injection. This issue can be exploited remotely. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** go-ibax versions starting from commits on Jul 18, 2020 **Description** A critical issue has been found in go-ibax, allowing for SQL injection. This is due to the manipulation of the `where` argument in the `/api/v2/open/rowsInfo` endpoint, which can be initiated remotely. The issue affects the `/packages/api/database.go` file and can lead to identity spoofing, data tampering, disclosure of all data on the system, data destruction, or making data unavailable, and potentially allowing attackers to become database server administrators. **Recommendations** For versions starting from commits on Jul 18, 2020, consider disabling the `where` parameter in the `/api/v2/open/rowsInfo` endpoint as a temporary workaround until a patch is available. Restrict access to the `/packages/api/database.go` file to minimize the risk of exploitation. Avoid using the `where` parameter in the affected API endpoint until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** eolinker apinto-dashboard (affected versions not specified) **Description** A vulnerability was found in eolinker apinto-dashboard, classified as problematic, affecting some unknown processing of the file "/api/discoveries/". The manipulation leads to cross-site scripting. The attack may be initiated remotely. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** eolinker apinto-dashboard (affected versions not specified) **Description** A problematic issue has been found, affecting an unknown function of the file /login. The manipulation of the `callback` argument leads to cross-site scripting. It is possible to launch the attack remotely. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.