Unknown · Pterodactyl · CVE-2026-35202
**Name of the Vulnerable Software and Affected Versions**
Pterodactyl versions prior to 1.12.3
**Description**
The Client API contains a logic flaw that allows users to bypass their assigned limits for database allocations. The cause is an ineffective database locking mechanism in the controllers. Specifically, in `DatabaseController.php`, the call to `$server->databases()->lockForUpdate()` never sends a query to the database because no terminal method such as `count()` or `get()` follows it, so the lock is a no-op. Consequently, concurrent requests to the endpoint can race past the database count check and trigger the `DeployServerDatabaseService` to create excessive resources on the physical host, which may also disrupt the web interface.
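As an added illustration (not Pterodactyl's code and not the 1.12.3 patch), the no-op lock described above beside a pattern that actually serializes the check; the `$server` model, its `databases()` relation and the `database_limit` attribute are assumed names:

```php
<?php
// Added example of the no-op lock pattern; assumes a Laravel/Eloquent model
// $server with a hasMany() relation databases() and an integer attribute
// database_limit (all assumed names, not Pterodactyl's schema).

use Illuminate\Support\Facades\DB;

// Vulnerable pattern: lockForUpdate() only sets a flag on the query builder.
// Without a terminal method (count(), get(), first()...) no SQL is executed,
// so nothing is locked and two concurrent requests both pass the check.
function createDatabaseVulnerable($server, array $data)
{
    $server->databases()->lockForUpdate();           // builder discarded, no query sent
    if ($server->databases()->count() >= $server->database_limit) {
        throw new RuntimeException('database limit reached');
    }
    return $server->databases()->create($data);      // both racing requests get here
}

// Hardened pattern: inside one transaction, lock the parent server row (which
// always exists, unlike child rows when the count is zero), then count and
// insert. A concurrent request blocks on the row lock until commit and then
// observes the newly created database in its own count.
function createDatabaseHardened($server, array $data)
{
    return DB::transaction(function () use ($server, $data) {
        $locked = $server->newQuery()
            ->whereKey($server->getKey())
            ->lockForUpdate()
            ->firstOrFail();                          // SELECT ... FOR UPDATE is executed here
        if ($locked->databases()->count() >= $locked->database_limit) {
            throw new RuntimeException('database limit reached');
        }
        return $locked->databases()->create($data);
    });
}
```

Locking the parent row rather than the child rows avoids the zero-row case, where a `FOR UPDATE` on the `databases` query has nothing to lock on some engines and isolation levels.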
**Recommendations**
Update to version 1.12.3.